[jira] [Commented] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906
[ https://issues.apache.org/jira/browse/OFBIZ-12205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17305704#comment-17305704 ] ASF subversion and git services commented on OFBIZ-12205: - Commit 15bb640a83926d96163ef1496b3e162f79ae344c in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=15bb640 ] Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205) Currently we don't declare any dependency on PDFBox. I guess because it's used as a 3rd party by another lib. Fortunately it's easily done. > Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 > - > > Key: OFBIZ-12205 > URL: https://issues.apache.org/jira/browse/OFBIZ-12205 > Project: OFBiz > Issue Type: Sub-task > Components: Gradle >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > > Currently we don't declare any dependency on PDFBox. I guess because it's > used as a 3rd party by another lib. Fortunately it's easily done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906
[ https://issues.apache.org/jira/browse/OFBIZ-12205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17305702#comment-17305702 ] ASF subversion and git services commented on OFBIZ-12205: - Commit df69401118c99896432b417690f2229bc757072c in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=df69401 ] Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205) Currently we don't declare any dependency on PDFBox. I guess because it's used as a 3rd party by another lib. Fortunately it's easily done. > Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 > - > > Key: OFBIZ-12205 > URL: https://issues.apache.org/jira/browse/OFBIZ-12205 > Project: OFBiz > Issue Type: Sub-task > Components: Gradle >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > > Currently we don't declare any dependency on PDFBox. I guess because it's > used as a 3rd party by another lib. Fortunately it's easily done. -- This message was sent by Atlassian Jira (v8.3.4#803005)