Hi everyone, Apache Batik 1.16 has been released and contains a security fix [1].
As with the Batik 1.15 release, there is no plan for a poi-ooxml release just to upgrade the dependency. Batik is an optional dependency. POI users can simply update their own builds to use the newer Batik jars. This should be a smooth upgrade. Regards, PJ [1] https://lists.apache.org/thread/xsghwkk5dgrcyg5hyncsqjwvllr31gps On Thursday 22 September 2022 at 16:50:14 IST, PJ Fanning <[email protected]> wrote: Hi everyone, Apache Batik [1] is used by Apache POI to work with SVG pictures that can be embedded in Microsoft documents. It is an optional dependency of poi-ooxml and it appears that we only support it in the XSLF packages for pptx files. Batik 1.15 has just been released and contains a number of security fixes. [2] [3] [4] We recommend that all users who use the Batik support in poi-ooxml upgrade to Batik 1.15. We do not expect that anyone upgrading from batik 1.14 to 1.15 will see any issues. There is no plan to do a special POI release because this an optional dependency. [1] https://xmlgraphics.apache.org/batik/ [2] https://lists.apache.org/thread/s1jobjxpljx4oygfqjqqfrohnfyyhlbq [3] https://lists.apache.org/thread/lnh1tnc8gh9r4vh69x3nljcx55v43tcj [4] https://lists.apache.org/thread/zx2jjvdow82p058sovr5qnxprsq87rg7 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
