[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-15 Thread ASF subversion and git services (JIRA)
3865: - Commit 1802017 from [~tilman] in branch 'pdfbox/branches/1.8' [ https://svn.apache.org/r1802017 ] PDFBOX-3865: update version > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 > URL: https://

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-15 Thread ASF subversion and git services (JIRA)
3865: - Commit 1802018 from [~tilman] in branch 'pdfbox/trunk' [ https://svn.apache.org/r1802018 ] PDFBOX-3865: update version > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 > URL: https://issues.

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-15 Thread ASF subversion and git services (JIRA)
3865: - Commit 1802019 from [~tilman] in branch 'pdfbox/branches/2.0' [ https://svn.apache.org/r1802019 ] PDFBOX-3865: update version > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 > URL: https://

[jira] [Resolved] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
[ https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tilman Hausherr resolved PDFBOX-3865. - Resolution: Fixed > Add OWASP dependency-check to bu

[jira] [Comment Edited] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
crypto with elliptic curves. I'll create an exception. > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 > URL: https://issues.apache.org/jira/browse/PDFBOX-3865 > Project: PDFBox >

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread ASF subversion and git services (JIRA)
3865: - Commit 1801638 from [~tilman] in branch 'pdfbox/branches/1.8' [ https://svn.apache.org/r1801638 ] PDFBOX-3865: add suppression file with CVE-2015-7940 which is irrelevant to us > Add OWASP dependency-check to build > --- > >

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
ECDH) key exchanges, aka an "invalid curve attack." {quote} We're not using any crypto with elliptic curves. I'll create an exception. > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 >

[jira] [Updated] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
[ https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tilman Hausherr updated PDFBOX-3865: Affects Version/s: 1.8.13 > Add OWASP dependency-check to bu

[jira] [Updated] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
[ https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tilman Hausherr updated PDFBOX-3865: Fix Version/s: 1.8.14 > Add OWASP dependency-check to bu

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread ASF subversion and git services (JIRA)
3865: - Commit 1801630 from [~tilman] in branch 'pdfbox/branches/2.0' [ https://svn.apache.org/r1801630 ] PDFBOX-3865: add OWASP dependency-check to build > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 >

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread ASF subversion and git services (JIRA)
3865: - Commit 1801633 from [~tilman] in branch 'pdfbox/branches/1.8' [ https://svn.apache.org/r1801633 ] PDFBOX-3865: add OWASP dependency-check to build > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 >

[jira] [Commented] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread ASF subversion and git services (JIRA)
3865: - Commit 1801628 from [~tilman] in branch 'pdfbox/trunk' [ https://svn.apache.org/r1801628 ] PDFBOX-3865: add OWASP dependency-check to build > Add OWASP dependency-check to build > --- > > Key: PDFBOX-3865 > U

[jira] [Updated] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
ps://github.com/jeremylong/dependency-check-gradle#current-release checks the build against known security issues. I tried it with a project that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped. > Add OWASP dependency-check to build > --- >

[jira] [Updated] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
[ https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tilman Hausherr updated PDFBOX-3865: Labels: build maven (was: ) > Add OWASP dependency-check to bu

[jira] [Created] (PDFBOX-3865) Add OWASP dependency-check to build

2017-07-11 Thread Tilman Hausherr (JIRA)
Tilman Hausherr created PDFBOX-3865: --- Summary: Add OWASP dependency-check to build Key: PDFBOX-3865 URL: https://issues.apache.org/jira/browse/PDFBOX-3865 Project: PDFBox Issue Type: Task

Re: OWASP dependency-check

2017-07-11 Thread Andreas Lehmkühler
> On 8 July 2017 at 15:40, Tilman Hausherr wrote: > > > https://github.com/jeremylong/dependency-check-gradle#current-release > > Tim Allison pointed us to this on twitter... Should we use it (maybe > just in "pedantic" mode, because it needs 400MB in the repository)? > > Or just

OWASP dependency-check

2017-07-08 Thread Tilman Hausherr
https://github.com/jeremylong/dependency-check-gradle#current-release Tim Allison pointed us to this on twitter... Should we use it (maybe just in "pedantic" mode, because it needs 400MB in the repository)? Or just recommend our users to use it? Or should just tika use it? It tells whether a