Closed joe-sharp closed 1 week ago
Hello!
If you update to MPXJ >= 13.1.0, you'll be using POI 5.3.0 which brings in commons-io 2.16.1 which has the fix for the CVE you mention. I'd actually recommend the latest version of MPXJ (13.5.1) which fixes a separate CVE, so you should be warning free at that point.
@joniles gotcha ok we will upgrade asap. We started working on it but I saw references to the old version searching your repository on GitHub so it looked unaddressed. Sorry for the noise!
Hi Jon, hope you have been well!
Docker is flagging a vulnerability on containers using mpxj. CVE-2024-47554 affects commons-io at version 2.11.0 and is fixed in 2.14.0. Happy to try and open a PR to address this if you don't have the time. Thanks!
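
To confirm which commons-io version a build actually resolves after the MPXJ upgrade discussed in this thread, the following added example (not code from MPXJ or from either poster) parses `mvn dependency:tree` output and checks each commons-io node against the 2.14.0 fix version. The sample trees are constructed, `OLD` is a placeholder for versions the thread does not state, and `find_commons_io` is a hypothetical helper name.

```python
import re

FIXED_IN = (2, 14, 0)  # commons-io fix version for CVE-2024-47554, per the thread

# Constructed `mvn dependency:tree` output. OLD is a placeholder, not a real version.
TREE_BEFORE = r"""[INFO] com.example:app:jar:1.0.0
[INFO] +- net.sf.mpxj:mpxj:jar:OLD:compile
[INFO] |  \- org.apache.poi:poi:jar:OLD:compile
[INFO] |     \- commons-io:commons-io:jar:2.11.0:compile
[INFO] \- com.example:util:jar:1.0.0:compile"""

# Constructed tree using the versions named in the maintainer's reply.
TREE_AFTER = r"""[INFO] com.example:app:jar:1.0.0
[INFO] +- net.sf.mpxj:mpxj:jar:13.5.1:compile
[INFO] |  \- org.apache.poi:poi:jar:5.3.0:compile
[INFO] |     \- commons-io:commons-io:jar:2.16.1:compile
[INFO] \- com.example:util:jar:1.0.0:compile"""

# A dependency node: optional "[INFO] ", 3-character indent units, then "+- " or "\- ".
NODE = re.compile(r"^(?:\[INFO\] )?((?:[| ]  )*)[+\\]- (\S+)")

def version_key(version):
    """Numeric prefix of a version, zero-padded: '2.14' -> (2, 14, 0)."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def find_commons_io(tree):
    """Return (version, dependency path, vulnerable) for each commons-io node."""
    stack, hits = [], []
    for line in tree.splitlines():
        match = NODE.match(line)
        if not match:
            continue  # root project line or unrelated Maven output
        depth = len(match.group(1)) // 3
        parts = match.group(2).split(":")  # group:artifact:type[:classifier]:version:scope
        group, artifact, version = parts[0], parts[1], parts[-2]
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{artifact}:{version}")
        if (group, artifact) == ("commons-io", "commons-io"):
            hits.append((version, " > ".join(stack), version_key(version) < FIXED_IN))
    return hits

if __name__ == "__main__":
    for label, tree in (("before", TREE_BEFORE), ("after", TREE_AFTER)):
        for version, path, vulnerable in find_commons_io(tree):
            print(label, "VULNERABLE" if vulnerable else "ok", version, "via", path)
```

The reported path shows which direct dependency pulls commons-io in, which is the artifact to upgrade when a container scanner flags the transitive jar.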