[jira] [Resolved] (PDFBOX-3865) Add OWASP dependency-check to build

Tilman Hausherr (JIRA) Tue, 11 Jul 2017 10:24:07 -0700

     [ 
https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tilman Hausherr resolved PDFBOX-3865.
-------------------------------------
    Resolution: Fixed

> Add OWASP dependency-check to build
> -----------------------------------
>
>                 Key: PDFBOX-3865
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-3865
>             Project: PDFBox
>          Issue Type: Task
>    Affects Versions: 1.8.13, 2.0.6, 3.0.0
>            Reporter: Tilman Hausherr
>            Assignee: Tilman Hausherr
>              Labels: build, maven
>             Fix For: 1.8.14, 2.0.7, 3.0.0
>
>
> https://github.com/jeremylong/dependency-check-gradle#current-release
> checks the build against known security issues. I tried it with a project 
> that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.
> Because the database needs 400MB in the repository we'll run it only in 
> "pedantic" mode, i.e. for the jenkins builds.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (PDFBOX-3865) Add OWASP dependency-check to build

Reply via email to