poi-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "davidedillard@gmail.com"<davidedill...@gmail.com>
Subject Re: [ANNOUNCE] Apache POI 3.17 released
Date Mon, 18 Sep 2017 16:40:21 GMT
On 2017-09-16 18:06, Andreas Beeker <kiwiwings@apache.org> wrote: 
> The Apache POI project is pleased to announce the release of POI 3.17.
> Featured are a handful of new areas of functionality, and numerous bug fixes.
> Changes
> ------------
> The most notable changes in this release are:
> - Various modules: add sanity checks and fix infinite loops / OOMs caused by fuzzed data

I've looked through the specific changes and several appear to be vulnerabilities (e.g. 61294
and 61300 among others).  Is the POI project planning to get CVEs for these issues?  If not,
I'm happy to get them myself.  It makes the world a better place :-)



To unsubscribe, e-mail: user-unsubscribe@poi.apache.org
For additional commands, e-mail: user-help@poi.apache.org

View raw message