commit e1e7c2a4d3dd79e500103ed1d9ee29ea7237a498
author Jacques Le Roux <jacques.le.roux@les7arts.com> Sun Jun 13 09:16:16 2021 +0200
committer Jacques Le Roux <jacques.le.roux@les7arts.com> Sun Jun 13 09:16:16 2021 +0200
tree c7057b64c2a90bb0a46dc9e59a2add4aa13a636f
parent f0ee9218736fa98176d1712f62178b7359ccd6ab

Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)

CVE-2021-31811: A carefully crafted PDF file can trigger an OutOfMemory-Exception
while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVE-2021-31812: a carefully crafted PDF file can trigger an infinite loop while
loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

build.gradle

diff --git a/build.gradle b/build.gradle
index 0739140..71dd7e0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -173,7 +173,7 @@
     compile 'org.apache.shiro:shiro-core:1.4.0'
     compile 'org.apache.tika:tika-core:1.26'
     compile 'org.apache.tika:tika-parsers:1.26'
-    compile 'org.apache.pdfbox:pdfbox:2.0.23'
+    compile 'org.apache.pdfbox:pdfbox:2.0.24'
     compile 'org.apache.poi:poi:3.17'
     compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.43'
     compile 'org.apache.tomcat:tomcat-catalina:9.0.43'