Update PDFBox to 2.0.23

cantaloupe-project · May 3, 2021 · afc311e · afc311e
1 parent 155de18
commit afc311e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -9,6 +9,8 @@
   TIFF pyramid level to be selected, resulting in unnecessary scaling.
 * Fixed a bug whereby corrupt image data could be written to a derivative
   cache.
+* Updated the PDFBox dependency to address the following security
+  vulnerability: CVE-2021-27807, CVE-2021-27906.
 
 ## 4.1.8
 

diff --git a/pom.xml b/pom.xml
@@ -200,7 +200,7 @@
         <dependency>
             <groupId>org.apache.pdfbox</groupId>
             <artifactId>pdfbox</artifactId>
-            <version>2.0.15</version>
+            <version>2.0.23</version>
         </dependency>
         <!-- Assists PDFBox in decoding JBIG2-encoded images -->
         <dependency>