Update NekoHTML dependency to v.2.0.2

radkovo / CSSBox

CSSBox is an (X)HTML/CSS rendering engine written in pure Java. Its primary purpose is to provide a complete information about the rendered page suitable for further processing. However, it also allows displaying the rendered document.

http://cssbox.sourceforge.net/

GNU Lesser General Public License v3.0

234 stars 76 forks source link

Update NekoHTML dependency to v.2.0.2 #79

Closed jseric23 closed 1 year ago

jseric23 commented 1 year ago

Update to NekoHTML library v.2.0.2 due to discovered security vulnerabilities with NekoHTML library v.1.9.22. Black Duck scanning v.2.0.2 shows no known security vulnerabilities up to this day. We are using CSSBox library as one of our dependencies for printing the html documents and recently there was a vulnerability discovered with it's dependency library NekoHTML. This fix would enable us to continue using the CSSBox library.

radkovo commented 1 year ago

Merged. Thanks!

jseric23 commented 1 year ago

Great, thanks! When can we expect the next release with merged change?

radkovo commented 1 year ago

I could do that within one week.

radkovo commented 1 year ago

I have released cssbox-5.0.1 today.

jseric23 commented 1 year ago

Great, thank you very much!