Yes, it is (you must be using FOP-1.1 or earlier if you have the 1.7 jar). You can replace it by version 1.7.1 if you wish. Version 1.7.1 is the same as 1.7 but for the CVE-2015-0250 fix.
On 6/26/15 11:04 AM, Vincent Timoney wrote:
Hi, In relation to CVE-2015-0250: The Apache FOP project contains a version of Batik called batik-all-1.7.jar. Is this affected that the above CVE? Regards, Vinnie Vincent Timoney Security Engineer --------------------------------------------------------------------- To unsubscribe, e-mail: fop-users-unsubscr...@xmlgraphics.apache.org For additional commands, e-mail: fop-users-h...@xmlgraphics.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: fop-users-unsubscr...@xmlgraphics.apache.org For additional commands, e-mail: fop-users-h...@xmlgraphics.apache.org