Hi,
according to the descriptions, both CVEs are about PDFBox 2.0.x
"This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
References"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27807
The usage of 1.8.17 is discouraged. There are still some bugfix releases from
time to time but the whole 1.8.x branch is outdated and it is expected to be set
to EOL once 3.0.0 is released.
You should start with 2.0.x. Currently the most recent version is 2.0.27.
Andreas
On 28.10.22 at 13:35, Mrowczynski, Krzysztof wrote:
Hello, good morning!
In our project we would like to use the PDFBox library. According to the mentioned CVEs,
/ALL/ versions below 2.0.23 are affected. Recently, on 15th September 2022,
PDFBox 1.8.17 was released. Unfortunately, I cannot find any information about
mitigation of the vulnerability in the release notes. Can you please confirm if the
vulnerability is still present in 1.8.17?
Thank you in advance for support,
Have a great day
Kind regards,
Krzysztof Mrówczyński
Siemens Digital Logistics Sp. z o.o.