Awesome. That's good to hear. Thanks for the feedback, helix.
Regards,
On Sun, Sep 11, 2016 at 11:03 PM, helix84 wrote:
Hi Alan, I filed a (non-public) security issue when it was first
reported. Seems like an easy fix to just upgrade pdfbox, but we'll
still have to test it before we release it in stable updates. Don't
worry, it's not getting overlooked.
Regards,
~~helix84
Compulsory reading: DSpace Mailing List E
Any DSpace committer want to comment on this? There are security
vulnerabilities in the PDF library DSpace uses, and DSpace is used in
an environment where users upload arbitrary PDFs to be processed by
the system...
On Thu, Sep 8, 2016 at 3:18 PM, Alan Orth wrote:
Good catch, Seth. I bumped up the versions of all three pdfbox
components from 1.8.7 to 1.8.12 on our DSpace 5.1 instance and DSpace
builds and runs fine. I haven't done any other tests, though.
Cheers,
On Wed, Sep 7, 2016 at 10:01 PM, Seth Robbins wrote:
Hi All,
I thought I'd bring this to the attention of the community:
There appears to be a vulnerability in the version of PDFBox that DSpace is
set to use (2.0.0, 1.8.7).
https://pdfbox.apache.org/
Looks like the most recent versions, 2.0.1 and 1.8.12, are patched.
I'm looking into bumping ou