jhonnymertz/java-wkhtmltopdf-wrapper

Update org.apache.pdfbox:pdfbox to avoid vulnerability

Closed this issue · 1 comments

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. Check link.

We use this lib for testing, so it is better to upgrade org.apache.pdfbox:pdfbox to version 1.8.16 or later. For example:

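```xml
<dependency>
    <groupId>org.apache.pdfbox</groupId>
    <artifactId>pdfbox</artifactId>
    <version>[1.8.16,)</version>
</dependency>
```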

fixed
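The affected ranges quoted in the issue, checked against the suggested version range. This is an added example, not code from the issue or the project, and it tests range membership only, not which version Maven would actually resolve. The version parser is a simplification of Maven's ordering, and the sample versions and the second, bounded range are constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the issue text (inclusive bounds).
AFFECTED = [("1.8.0", "1.8.15"), ("2.0.0RC1", "2.0.11")]

def parse_version(text):
    """Sortable key for x.y.z and x.y.zRCn / x.y.z-RCn (simplified, not Maven's full ordering)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-?RC(\d+))?", text.strip(), re.I)
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    # A release candidate sorts before the final release of the same x.y.z.
    rank, rc = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch, rank, rc)

def is_affected(version):
    """True if the version lies inside one of the ranges named in the issue."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def in_maven_range(version, spec):
    """Membership test for one two-sided Maven range, e.g. "[1.8.16,)" or "[1.8.16,2.0.0-RC1)"."""
    m = re.fullmatch(r"([\[(])\s*([^,]*?)\s*,\s*([^,]*?)\s*([\])])", spec.strip())
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    open_b, lo, hi, close_b = m.groups()
    v = parse_version(version)
    if lo:  # an empty lower bound means "no lower limit"
        low = parse_version(lo)
        if v < low or (v == low and open_b == "("):
            return False
    if hi:  # an empty upper bound means "no upper limit"
        high = parse_version(hi)
        if v > high or (v == high and close_b == ")"):
            return False
    return True

def affected_versions_admitted(spec, candidates):
    """Versions from `candidates` that the range accepts although they are affected."""
    return [c for c in candidates if in_maven_range(c, spec) and is_affected(c)]

# Constructed sample versions around the boundaries of both affected ranges.
SAMPLES = ["1.8.15", "1.8.16", "2.0.0-RC1", "2.0.11", "2.0.12"]

if __name__ == "__main__":
    for spec in ("[1.8.16,)", "[1.8.16,2.0.0-RC1)"):
        print(spec, "->", affected_versions_admitted(spec, SAMPLES))
```

The open-ended range accepts the 2.0.x versions that the issue lists as affected, while a range capped below `2.0.0-RC1` accepts none of the sampled affected versions.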