
Update to Apache XML Graphics Commons » 2.8 !

Posted: Tue Mar 21, 2023 9:56 pm
by Lars
Hello,

Will docx4j be provided in an 8.x version which uses Apache XML Graphics Commons in version 2.8?

The problem is:
docx4j core in version 8.3.9 uses Apache XML Graphics Commons "xmlgraphics-commons" 2.7 which uses commons-io 1.3.1 which has a vulnerability, see:
https://mvnrepository.com/artifact/comm ... s-io/1.3.1

Please provide a docx4j 8.3.10 which is updated.

Thanks,
Lars

Re: Update to Apache XML Graphics Commons » 2.8 !

Posted: Sat Apr 08, 2023 11:04 am
by jason
Hi Lars

Actually Apache XML Graphics Commons "xmlgraphics-commons" 2.7 has no deps: https://central.sonatype.com/artifact/o ... pendencies and 0 reported vulnerabilities

And we use commons-io 2.x: https://github.com/plutext/docx4j/blob/ ... m.xml#L281

That said, I've just bumped 2.7 to 2.8 in the 11.4.10 branch; and commons-io to 2.11.0; this should make its way to 8.3.10 in due course.

https://github.com/plutext/docx4j/commi ... 414ecc0bf6

cheers .. Jason