Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2021-27807 and CVE-2021-27906 #675

Closed
Samuel3 opened this issue Mar 22, 2021 · 1 comment
Closed

CVE-2021-27807 and CVE-2021-27906 #675

Samuel3 opened this issue Mar 22, 2021 · 1 comment

Comments

@Samuel3
Copy link

Samuel3 commented Mar 22, 2021

https://seclists.org/oss-sec/2021/q1/247
https://seclists.org/oss-sec/2021/q1/248

Can you please update Apache PDF Box Version to 2.0.23?
danfickle added a commit that referenced this issue Mar 22, 2021
@danfickle
#675 Update PDF-BOX to 2.0.23 due to new CVEs
883d0a0 
NOTE: These CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

Thanks for reporting @Samuel3. Release in the next few hours.
@danfickle
Copy link
Owner

1.0.8 with PDFBOX 2.0.23 was just released. Thanks for reporting!

@danfickle danfickle mentioned this issue Mar 22, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danfickle @Samuel3