ICEfaces / ICE-11568

Update POI library to version 5.5.0

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EE-4.3.0.GA_P06, EE-3.3.0.GA_P12
    • Component/s: ACE-Components
    • Labels:
      None
    • Environment:
      Any

      Description

      A new Apache POI library version (5.5.0) was just released, and it would be a good improvement to update this library in our codebase as well as all its dependencies. A vulnerability, CVE-2025-31672, was reported this year affecting our current version of the POI library. Even though this vulnerability doesn't affect our components, it would be best to have fresh versions of the POI library and all its dependencies.

        Activity

        Arturo Zambrano added a comment -

        The POI library was updated in our codebase to the 5.5.0 version as well as its dependencies (at revision 53617).

        This is the list of jars that were removed:

        • poi-5.3.0.jar
        • poi-ooxml-full-5.3.0.jar
        • poi-ooxml-5.3.0.jar
        • commons-codec-1.17.0.jar
        • commons-collections4-4.4.jar
        • commons-compress-1.26.2.jar
        • commons-io-2.16.1.jar
        • xmlbeans-5.2.1.jar
        • log4j-api-2.23.1.jar
        • log4j-core-2.23.1.jar

        This is the list of jars that were added:

        • poi-5.5.0.jar
        • poi-ooxml-full-5.5.0.jar
        • poi-ooxml-5.5.0.jar
        • commons-codec-1.19.0.jar
        • commons-collections4-4.5.jar
        • commons-compress-1.28.jar
        • commons-io-2.20.jar
        • xmlbeans-5.3.jar
        • log4j-api-2.24.3.jar
        • log4j-core-2.24.3.jar

        The dependencies that were updated were determined from this page: https://poi.apache.org/changes.html
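
A check that a lib directory matches the jar swap listed in this comment: it flags old jars left behind, new jars that are missing, and artifacts present in two versions at once. This is an added example, not part of the original comment or the ICEfaces codebase; the function names and the sample listing are constructed for illustration.

```python
import os
import re
import sys
from collections import defaultdict

# Jar names copied from the comment above (revision 53617).
REMOVED = {"poi-5.3.0.jar", "poi-ooxml-full-5.3.0.jar", "poi-ooxml-5.3.0.jar",
           "commons-codec-1.17.0.jar", "commons-collections4-4.4.jar",
           "commons-compress-1.26.2.jar", "commons-io-2.16.1.jar",
           "xmlbeans-5.2.1.jar", "log4j-api-2.23.1.jar", "log4j-core-2.23.1.jar"}
ADDED = {"poi-5.5.0.jar", "poi-ooxml-full-5.5.0.jar", "poi-ooxml-5.5.0.jar",
         "commons-codec-1.19.0.jar", "commons-collections4-4.5.jar",
         "commons-compress-1.28.jar", "commons-io-2.20.jar",
         "xmlbeans-5.3.jar", "log4j-api-2.24.3.jar", "log4j-core-2.24.3.jar"}

# Artifact name is everything before the first "-<digit>" version segment.
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.]*)\.jar$")


def split_jar(name):
    """Return (artifact, version), or (None, None) for unversioned names."""
    m = JAR_RE.match(name)
    return (m["artifact"], m["version"]) if m else (None, None)


def audit_lib(jar_names):
    """Compare a directory listing against the expected post-upgrade state."""
    present = set(jar_names)
    versions = defaultdict(set)
    for name in present:
        artifact, version = split_jar(name)
        if artifact:
            versions[artifact].add(version)
    return {
        "stale": sorted(present & REMOVED),    # old jars still on disk
        "missing": sorted(ADDED - present),    # new jars not deployed
        "duplicates": {a: sorted(v)            # same artifact, two versions
                       for a, v in sorted(versions.items()) if len(v) > 1},
    }


# Constructed listing of a partially upgraded lib directory.
SAMPLE = sorted((ADDED - {"xmlbeans-5.3.jar"})
                | {"xmlbeans-5.2.1.jar", "log4j-core-2.23.1.jar", "example-app.jar"})

if __name__ == "__main__":
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(audit_lib(names))
```

Pass the path of a deployed lib directory as the first argument to audit it instead of the constructed sample.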


          People

          • Assignee:
            Arturo Zambrano
            Reporter:
            Arturo Zambrano