(re)Create release tag for MCF 1.7 RC2
git-svn-id: https://svn.apache.org/repos/asf/manifoldcf/tags/release-1.7-RC2@1619014 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES.txt b/CHANGES.txt
index 6d1d163..4215caa 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -3,6 +3,9 @@
======================= Release 1.7 =====================
+CONNECTORS-1012: Upgrade xmlbeans and POI to fix various CVE's.
+(Karl Wright)
+
CONNECTORS-1011: Upgrade to httpclient 4.3.5.
(Karl Wright)
diff --git a/build.xml b/build.xml
index 5005ec6..5376914 100644
--- a/build.xml
+++ b/build.xml
@@ -1035,7 +1035,7 @@
<mkdir dir="lib"/>
<antcall target="download-via-maven"><param name="target" value="lib"/>
<param name="project-path" value="org/apache/poi"/>
- <param name="artifact-version" value="3.10-beta2"/>
+ <param name="artifact-version" value="3.10.1"/>
<param name="artifact-name" value="poi"/>
<param name="artifact-type" value="jar"/>
</antcall>
@@ -1645,7 +1645,7 @@
<antcall target="download-via-maven"><param name="target" value="lib"/>
<param name="project-path" value="org/apache/poi"/>
<param name="artifact-name" value="poi-scratchpad"/>
- <param name="artifact-version" value="3.10-beta2"/>
+ <param name="artifact-version" value="3.10.1"/>
<param name="artifact-type" value="jar"/>
</antcall>
<antcall target="download-via-maven"><param name="target" value="lib"/>
@@ -1669,7 +1669,7 @@
<antcall target="download-via-maven"><param name="target" value="lib"/>
<param name="project-path" value="org/apache/xmlbeans"/>
<param name="artifact-name" value="xmlbeans"/>
- <param name="artifact-version" value="2.3.0"/>
+ <param name="artifact-version" value="2.6.0"/>
<param name="artifact-type" value="jar"/>
</antcall>
<antcall target="download-via-maven"><param name="target" value="lib"/>
@@ -1753,13 +1753,13 @@
<antcall target="download-via-maven"><param name="target" value="lib"/>
<param name="project-path" value="org/apache/poi"/>
<param name="artifact-name" value="poi-ooxml"/>
- <param name="artifact-version" value="3.10-beta2"/>
+ <param name="artifact-version" value="3.10.1"/>
<param name="artifact-type" value="jar"/>
</antcall>
<antcall target="download-via-maven"><param name="target" value="lib"/>
<param name="project-path" value="org/apache/poi"/>
<param name="artifact-name" value="poi-ooxml-schemas"/>
- <param name="artifact-version" value="3.10-beta2"/>
+ <param name="artifact-version" value="3.10.1"/>
<param name="artifact-type" value="jar"/>
</antcall>
<antcall target="download-via-maven"><param name="target" value="lib"/>
diff --git a/connectors/gts/pom.xml b/connectors/gts/pom.xml
index 2e23293..5fbaeb1 100644
--- a/connectors/gts/pom.xml
+++ b/connectors/gts/pom.xml
@@ -199,7 +199,7 @@
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
- <version>3.7</version>
+ <version>${poi.version}</version>
</dependency>
<!-- Testing dependencies -->
diff --git a/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/sharepoint/SPSProxyHelper.java b/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/sharepoint/SPSProxyHelper.java
index 8c8b2dc..cf88829 100644
--- a/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/sharepoint/SPSProxyHelper.java
+++ b/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/sharepoint/SPSProxyHelper.java
@@ -174,7 +174,15 @@
if ( roleName.length() == 0)
{
roleName = doc.getValue(node,"GroupName");
- roleSids = getSidsForGroup(userCall, roleName, activeDirectoryAuthority);
+ if (roleName != null && roleName.length() > 0)
+ {
+ roleSids = getSidsForGroup(userCall, roleName, activeDirectoryAuthority);
+ }
+ else
+ {
+ Logging.connectors.warn("SharePoint: Unrecognized permission collection entry: no role, no group: "+doc.getXML());
+ roleSids = new ArrayList<String>();
+ }
}
else
{
diff --git a/connectors/tika/pom.xml b/connectors/tika/pom.xml
index 3a96b07..3411b92 100644
--- a/connectors/tika/pom.xml
+++ b/connectors/tika/pom.xml
@@ -221,6 +221,33 @@
<artifactId>tika-parsers</artifactId>
<version>1.5</version>
</dependency>
+ <!-- Override tika dependencies, to make sure we fix various
+ CVE's -->
+ <dependency>
+ <groupId>org.apache.xmlbeans</groupId>
+ <artifactId>xmlbeans</artifactId>
+ <version>${xmlbeans.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.poi</groupId>
+ <artifactId>poi</artifactId>
+ <version>${poi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.poi</groupId>
+ <artifactId>poi-ooxml</artifactId>
+ <version>${poi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.poi</groupId>
+ <artifactId>poi-ooxml-schemas</artifactId>
+ <version>${poi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.poi</groupId>
+ <artifactId>poi-scratchpad</artifactId>
+ <version>${poi.version}</version>
+ </dependency>
<!-- Testing dependencies -->
diff --git a/pom.xml b/pom.xml
index 58932fb..4641bd9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -75,6 +75,8 @@
<slf4j.version>1.7.7</slf4j.version>
<jaxb.version>2.2.6</jaxb.version>
<zookeeper.version>3.4.5</zookeeper.version>
+ <xmlbeans.version>2.6.0</xmlbeans.version>
+ <poi.version>3.10.1</poi.version>
</properties>
<modules>
