Maven Doxia / DOXIA-593

Upgrade to Apache FOP 2.3


Details

    • Type: Dependency upgrade
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.9
    • Component/s: None
    • Labels: None

    Description

      Upgrade to FOP 2.3 to address the security issue in Batik CVE-2018-8013 

      org.apache.xmlgraphics:batik-dom is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.

      Affected versions of this package are vulnerable to Information Exposure during deserialization. When deserializing a subclass of AbstractDocument, the class takes a string from the inputStream as the class name, which it then uses to call the no-arg constructor of the class.

      Upgrade org.apache.xmlgraphics:batik-dom to version 1.10 or higher.

      Upgrade to FontBox 2.0.12 due to CVE-2018-8036 

      Found with Snyk.io
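
      The pattern described above (a class name read from the stream and passed to a no-arg constructor), with an allow-list check placed in front of the instantiation. This is an added example, not Batik's code or its actual fix; the class AllowListedDocument, its DefaultImpl implementation class and the sample class names are hypothetical.

```java
import java.io.*;
import java.util.Set;

public class AllowListedDocument implements Serializable {
    private static final long serialVersionUID = 1L;

    // Hypothetical implementation class that a document is expected to name.
    public static class DefaultImpl { }

    // Only these class names may be instantiated during deserialization.
    private static final Set<String> ALLOWED = Set.of(DefaultImpl.class.getName());

    private transient String implName;
    private transient Object impl;

    public AllowListedDocument(String implName) { this.implName = implName; }

    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
        out.writeObject(implName);
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        String name = (String) in.readObject(); // untrusted: supplied by the stream
        // The flawed pattern hands `name` straight to Class.forName(...) and calls
        // the no-arg constructor. Reject anything outside the allow-list first.
        if (!ALLOWED.contains(name)) {
            throw new InvalidClassException(name, "class name not in allow-list");
        }
        try {
            impl = Class.forName(name).getDeclaredConstructor().newInstance();
            implName = name;
        } catch (ReflectiveOperationException e) {
            throw new InvalidObjectException("cannot instantiate " + name);
        }
    }

    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        roundTrip(new AllowListedDocument(DefaultImpl.class.getName())); // accepted
        try {
            roundTrip(new AllowListedDocument("java.util.Random")); // constructed sample name
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```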


            People

              Assignee: slachiewicz Sylwester Lachiewicz
              Reporter: slachiewicz Sylwester Lachiewicz