Created attachment 178189 [details]
Update to version 3.15
The most notable changes in this release are:
- Various improvements to HSSF and XSSF.
- XSSF performance improvements for large numbers of named ranges.
- Progress towards enums rather than ints for various types
(no breaking changes at this stage)
- CellStyle#BORDER_HAIR and #BORDER_DOTTED were swapped to correctly
reflect the official names and to be consistent with BorderStyle enum.
HAIR has smaller dots than DOTTED.
- Removal of deprecated classes and methods detailed on
A commit references this bug:
Date: Tue Mar 28 17:36:53 UTC 2017
New revision: 437143
textproc/apache-poi: update 3.14 -> 3.15
Submitted by: pfg
For the record ... The Apache software Foundation has issued:
CVE-2017-5644 - Possible DOS (Denial of Service) in Apache POI versions prior to 3.15.
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. Users with applications which accept content from external or untrusted sources are advised to upgrade to Apache POI 3.15 or newer.
We are safe now, but maybe a vuxml entry is pertinent.