diff options
| -rw-r--r-- | pdf-as-lib/build.gradle | 2 | ||||
| -rw-r--r-- | pdf-as-pdfbox-2/build.gradle | 2 | ||||
| -rw-r--r-- | pdf-as-web/build.gradle | 2 |
3 files changed, 4 insertions, 2 deletions
diff --git a/pdf-as-lib/build.gradle b/pdf-as-lib/build.gradle index 6adbcc7e..cf15a9c8 100644 --- a/pdf-as-lib/build.gradle +++ b/pdf-as-lib/build.gradle @@ -70,7 +70,7 @@ dependencies { api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1' api group: 'com.google.code.gson', name: 'gson', version: '2.8.6' api group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' - api group: 'commons-io', name: 'commons-io', version: '2.8' + api group: 'commons-io', name: 'commons-io', version: '2.8.0' api group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '2.3.3' api 'org.apache.commons:commons-collections4:4.4' api group: 'ognl', name: 'ognl', version: '3.2.19' diff --git a/pdf-as-pdfbox-2/build.gradle b/pdf-as-pdfbox-2/build.gradle index cb5ff296..606ebc70 100644 --- a/pdf-as-pdfbox-2/build.gradle +++ b/pdf-as-pdfbox-2/build.gradle @@ -36,7 +36,7 @@ dependencies { api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.24' api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.24' api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.24' - implementation group: 'commons-io', name: 'commons-io', version: '2.8' + implementation group: 'commons-io', name: 'commons-io', version: '2.8.0' implementation group: 'ognl', name: 'ognl', version: '3.2.19' testImplementation group: 'junit', name: 'junit', version: '4.+' diff --git a/pdf-as-web/build.gradle b/pdf-as-web/build.gradle index 3d43861b..4752ed67 100644 --- a/pdf-as-web/build.gradle +++ b/pdf-as-web/build.gradle @@ -52,6 +52,8 @@ dependencies { api project (':pdf-as-web-status') api project (':pdf-as-web-statistic-api') api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.4' + // Upgrade dependency of commons-fileupload from 2.2 to 2.8.0 to avoid CVE-2021-29425 + api group: 'commons-io', name: 'commons-io', version: '2.8.0' api group: 'opensymphony', name: 'sitemesh', version: '2.4.2' api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1' api group: 'javax.xml.ws', name: 'jaxws-api', version: '2.3.1' |