We are using version 0.0.1-RC13 but our analysis shows that we have a critical security issue. Please help deliver a new version with latest pdfbox lib (2.0.11)
"Description from CVE
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Categories
Data
Root Cause
fontbox-2.0.8.jar : [2.0.0, 2.0.11)"
@koan00 You can manually reference pdfbox in your pom.xml and require 2.0.11 as a quick workaround. Just don't forget to remove or upgrade this reference in your pom.xml as soon as you upgrade this library.
If you can control all the fonts which are used to generate reports with this library, you should not be affected. You are only in danger if you allow your users to supply their own html, in which they reference AFM fonts somehow. But I would not even know how to use some other fonts than .ttf with this library ...
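One way to confirm the pom.xml workaround took effect, as an added example that is not part of the thread or of the project's code: the script scans `mvn dependency:tree` output for pdfbox and fontbox versions inside the ranges quoted in the issue. The tree text and the `com.example` coordinates are constructed placeholders.

```python
import re

# Affected ranges exactly as given in the CVE text quoted in the issue
# (inclusive): 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10.
AFFECTED = [((1, 8, 0), (1, 8, 14)), ((2, 0, 0), (2, 0, 10))]
ARTIFACTS = {"pdfbox", "fontbox"}
# groupId:artifactId:jar:version:scope, as printed by `mvn dependency:tree`.
COORD = re.compile(r"org\.apache\.pdfbox:([\w-]+):jar:([\w.-]+):\w+")

def parse_version(text):
    """Numeric (major, minor, patch); a qualifier such as RC1 is ignored,
    so every 2.0.0 pre-release counts as inside the affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def scan_tree(tree_text):
    """Return sorted (artifact, version) pairs that are still affected."""
    hits = set()
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if m and m.group(1) in ARTIFACTS and is_affected(m.group(2)):
            hits.add((m.group(1), m.group(2)))
    return sorted(hits)

# Constructed sample output; com.example:* coordinates are placeholders.
BEFORE = r"""
[INFO] com.example:report-app:jar:1.0.0
[INFO] +- com.example:html-to-pdf-lib:jar:0.0.1-RC13:compile
[INFO] |  \- org.apache.pdfbox:pdfbox:jar:2.0.8:compile
[INFO] |     \- org.apache.pdfbox:fontbox:jar:2.0.8:compile
"""
AFTER = r"""
[INFO] com.example:report-app:jar:1.0.0
[INFO] +- org.apache.pdfbox:pdfbox:jar:2.0.11:compile
[INFO] |  \- org.apache.pdfbox:fontbox:jar:2.0.11:compile
[INFO] \- com.example:html-to-pdf-lib:jar:0.0.1-RC13:compile
"""

if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        print(label, scan_tree(tree) or "no affected pdfbox/fontbox resolved")
```

Checking fontbox as well as pdfbox matters because the scanner finding in the issue names `fontbox-2.0.8.jar`, which arrives transitively.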