GitHub user rwegmann opened a pull request:
https://github.com/apache/poi/pull/10
Improvements to temporary file handling
A set of commits that allow to override the way temporary files are created
(see https://issues.apache.org/bugzilla/show_bug.cgi?id=56735).
There are two small API changes related to what I see as possible race
condition vulnerability when creating temporary files:
- org.apache.poi.util.TempFile.createTempFile() now throws an IOException
- I deleted the org.apache.poi.util.PackageHelper.createTempFile() method
as it is not used by POI and actively would re-enable the race condition
vulnerability.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rwegmann/poi trunk
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/poi/pull/10.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #10
commit 87dc52dbfd3066e69ae0e05c0622994e5619496a
Author: Raúl Wegmann raul.wegm...@qrr.es
Date: 2014-07-18T19:40:14Z
Use org.apache.poi.util.TempFile in SXSSF.
commit c399d98a4bcdb6cf02b0635f460a4b26815c3021
Author: Raúl Wegmann raul.wegm...@qrr.es
Date: 2014-07-18T19:54:51Z
Fix possible race condition vulnerability when creating temporary files.
commit d9f88d6be1e496e3698cd59cb564c9d5384d2533
Author: Raúl Wegmann raul.wegm...@qrr.es
Date: 2014-07-18T20:09:58Z
Provide a way to override the way temporary files are created.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
-
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org
