[
https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16082403#comment-16082403
]
ASF subversion and git services commented on PDFBOX-3865:
---------------------------------------------------------
Commit 1801628 from [~tilman] in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1801628 ]
PDFBOX-3865: add OWASP dependency-check to build
> Add OWASP dependency-check to build
> -----------------------------------
>
> Key: PDFBOX-3865
> URL: https://issues.apache.org/jira/browse/PDFBOX-3865
> Project: PDFBox
> Issue Type: Task
> Affects Versions: 2.0.6, 3.0.0
> Reporter: Tilman Hausherr
> Assignee: Tilman Hausherr
> Labels: build, maven
> Fix For: 2.0.7, 3.0.0
>
>
> https://github.com/jeremylong/dependency-check-gradle#current-release
> checks the build against known security issues. I tried it with a project
> that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.
> Because the database needs 400MB in the repository we'll run it only in
> "pedantic" mode, i.e. for the jenkins builds.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
