[PDFBOX-3865] Add OWASP dependency-check to build - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.8.13, 2.0.6, 3.0.0 PDFBox
Fix Version/s: 1.8.14, 2.0.7, 3.0.0 PDFBox
Component/s: None
Labels:
- build
- maven

Description

https://github.com/jeremylong/dependency-check-gradle#current-release
checks the build against known security issues. I tried it with a project that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.

Because the database needs 400MB in the repository we'll run it only in "pedantic" mode, i.e. for the jenkins builds.

Attachments

Activity

People

Assignee:: Tilman Hausherr

Reporter:: Tilman Hausherr

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Jul/17 15:13

Updated:: 21/Jul/17 04:40

Resolved:: 11/Jul/17 17:15