out of curiosity, would this open up POI to being able to parse (and execute) 
office files that are carrying pathological (infection vector) payloads?  i 
don't know enough about the compliance checks, so i'm asking this sincerely, 
out of concern, from a security standpoint.

cheers

Stanton Fisque
principal technologist
latticeware.com
portland, oregon

> On Mar 18, 2025, at 20:44 PM, krrg (via GitHub) <g...@apache.org> wrote:
> 
> 
> krrg opened a new pull request, #775:
> URL: https://github.com/apache/poi/pull/775
> 
>   (Feature Proposal)
> 
>   Currently POI strictly enforces compliance with the OPC specs and provides 
> no mechanism by which these checks can be disabled by the library consumer. 
> Unfortunately, there do exist documents in the wild that do not _strictly_ 
> adhere to one or more of these specifications but which still need to be 
> parsed. I have observed a number of documents "in the wild" over the years 
> which are not strictly compliant, but otherwise can be parsed successfully 
> were it not for the strict compliance checking.
> 
>   I would like to introduce a new `OPCComplianceFlags` class which consumers 
> may optionally include when opening an OPCPackage. This will allow users to 
> optionally disable the current strict checking behavior at a granular level 
> for M4.2 through M4.5, allowing them to parse documents that are technically 
> non-compliant, but which are otherwise valid. 
> 
>   This change should be completely backwards compatible. All existing public 
> APIs are retained and will default to the existing behavior of strict OPC 
> enforcement if no compliance flag parameter is passed. I have added a few 
> additional tests to ensure these flags work if specified.
> 
>   Thanks in advance for any feedback you might have! 
