[Git][java-team/libsejda-java][upstream] New upstream version 4.2.11

Markus Koschany (@apo) gitlab at salsa.debian.org
Sat Dec 25 20:58:22 GMT 2021



Markus Koschany pushed to branch upstream at Debian Java Maintainers / libsejda-java


Commits:
cd824b68 by Markus Koschany at 2021-12-25T21:54:26+01:00
New upstream version 4.2.11
- - - - -


12 changed files:

- .github/workflows/maven.yml
- pom.xml
- sejda-conversion/pom.xml
- sejda-core/pom.xml
- sejda-distribution/pom.xml
- sejda-docs/pom.xml
- sejda-fonts/pom.xml
- sejda-image-writers/pom.xml
- sejda-model/pom.xml
- sejda-model/src/test/java/org/sejda/model/validation/validator/PdfVersionValidatorTest.java
- sejda-sambox/pom.xml
- sejda-sambox/src/main/java/org/sejda/impl/sambox/SetMetadataTask.java


Changes:

=====================================
.github/workflows/maven.yml
=====================================
@@ -1,5 +1,4 @@
-
-name: Build with JDK matrix
+name: build
 
 on:
   push:
@@ -10,20 +9,16 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java: ['8', '11', '16', '17-ea']
+        java: ['8', '11', '17']
     name: JDK ${{ matrix.java }}
 
     steps:
     - uses: actions/checkout at v2
     - name: Set up JDK
-      uses: actions/setup-java at v1
+      uses: actions/setup-java at v2
       with:
         java-version: ${{ matrix.java }}
-    - uses: actions/cache at v1
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
+        distribution: 'temurin'
+        cache: 'maven'
     - name: Build with Maven
-      run: mvn -V -B package --file pom.xml
+      run: mvn --batch-mode --update-snapshots verify


=====================================
pom.xml
=====================================
@@ -6,7 +6,7 @@
 	<artifactId>sejda-parent</artifactId>
 	<packaging>pom</packaging>
 	<name>sejda</name>
-	<version>4.2.9</version>
+	<version>4.2.11</version>
 	<description>An extendible and configurable PDF manipulation layer library. A ready to use java library to perform PDF documents manipulation without having to deal with the low level API. Sejda offers many "ready to go" manipulations implemented using the SAMBox but it can be extended to use other implementations.</description>
 
 	<organization>
@@ -32,7 +32,7 @@
 		<connection>scm:git:git at github.com:torakiki/sejda.git</connection>
 		<developerConnection>scm:git:git at github.com:torakiki/sejda.git</developerConnection>
 		<url>scm:git:git at github.com:torakiki/sejda.git</url>
-		<tag>v4.2.9</tag>
+		<tag>v4.2.11</tag>
 	</scm>
 
 	<developers>
@@ -62,7 +62,6 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-toolchains-plugin</artifactId>
-						<version>3.0.0</version>
 						<executions>
 							<execution>
 								<goals>
@@ -88,7 +87,6 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-javadoc-plugin</artifactId>
-						<version>3.0.1</version>
 						<executions>
 							<execution>
 								<id>attach-javadocs</id>
@@ -106,7 +104,6 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-release-plugin</artifactId>
-						<version>2.5.3</version>
 						<configuration>
 							<tagNameFormat>v@{project.version}</tagNameFormat>
 							<preparationGoals>clean install</preparationGoals>
@@ -267,17 +264,52 @@
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-assembly-plugin</artifactId>
-					<version>3.1.1</version>
+					<version>3.3.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-jar-plugin</artifactId>
-					<version>3.1.2</version>
+					<version>3.2.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-gpg-plugin</artifactId>
-					<version>1.6</version>
+					<version>3.0.1</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-release-plugin</artifactId>
+					<version>3.0.0-M4</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-compiler-plugin</artifactId>
+					<version>3.8.1</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-source-plugin</artifactId>
+					<version>3.2.0</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-surefire-plugin</artifactId>
+					<version>3.0.0-M5</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-resources-plugin</artifactId>
+					<version>3.2.0</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-clean-plugin</artifactId>
+					<version>3.1.0</version>
+				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-toolchains-plugin</artifactId>
+					<version>3.0.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.sonatype.plugins</groupId>
@@ -293,7 +325,7 @@
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-javadoc-plugin</artifactId>
-					<version>3.0.1</version>
+					<version>3.3.1</version>
 				</plugin>
 			</plugins>
 		</pluginManagement>
@@ -302,7 +334,6 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.8.1</version>
 				<configuration>
 					<source>1.8</source>
 					<target>1.8</target>
@@ -311,7 +342,6 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-source-plugin</artifactId>
-				<version>3.1.0</version>
 				<executions>
 					<execution>
 						<id>attach-sources</id>
@@ -321,11 +351,6 @@
 					</execution>
 				</executions>
 			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.0.0-M3</version>
-			</plugin>
 		</plugins>
 	</build>
 
@@ -355,20 +380,20 @@
 		<sejda.commons.version>1.1.7</sejda.commons.version>
 		<junit.version>4.13.1</junit.version>
 		<slf4j.version>1.7.30</slf4j.version>
-		<commons.lang.version>3.9</commons.lang.version>
-		<commons.io.version>2.7</commons.io.version>
+		<commons.lang.version>3.12.0</commons.lang.version>
+		<commons.io.version>2.11.0</commons.io.version>
 		<validation.api.version>1.0.0.GA</validation.api.version>
-		<mockito.version>3.0.0</mockito.version>
-		<logback.version>1.2.3</logback.version>
+		<mockito.version>4.1.0</mockito.version>
+		<logback.version>1.2.8</logback.version>
 		<jdepend.version>2.9.1</jdepend.version>
 		<hibernate-validator.version>4.2.0.Final</hibernate-validator.version>
 		<hamcrest.version>1.3</hamcrest.version>
-		<sambox.version>2.3.1</sambox.version>
+		<sambox.version>2.3.4</sambox.version>
 		<sejda.io.version>2.1.3</sejda.io.version>
-		<bouncycastle.version>1.69</bouncycastle.version>
-		<twelvemonkeys.version>3.4.2</twelvemonkeys.version>
-		<metadata-extractor.version>2.15.0</metadata-extractor.version>
-		<thumbnailator.version>0.4.13</thumbnailator.version>
+		<bouncycastle.version>1.70</bouncycastle.version>
+		<twelvemonkeys.version>3.8.0</twelvemonkeys.version>
+		<metadata-extractor.version>2.16.0</metadata-extractor.version>
+		<thumbnailator.version>0.4.15</thumbnailator.version>
 		<!-- so that build is not platform dependent via encoding -->
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<timestamp>${maven.build.timestamp}</timestamp>


=====================================
sejda-conversion/pom.xml
=====================================
@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	


=====================================
sejda-core/pom.xml
=====================================
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 


=====================================
sejda-distribution/pom.xml
=====================================
@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 


=====================================
sejda-docs/pom.xml
=====================================
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 


=====================================
sejda-fonts/pom.xml
=====================================
@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	


=====================================
sejda-image-writers/pom.xml
=====================================
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 


=====================================
sejda-model/pom.xml
=====================================
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 


=====================================
sejda-model/src/test/java/org/sejda/model/validation/validator/PdfVersionValidatorTest.java
=====================================
@@ -21,7 +21,7 @@ package org.sejda.model.validation.validator;
 
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.anyString;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;


=====================================
sejda-sambox/pom.xml
=====================================
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.sejda</groupId>
 		<artifactId>sejda-parent</artifactId>
-		<version>4.2.9</version>
+		<version>4.2.11</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 


=====================================
sejda-sambox/src/main/java/org/sejda/impl/sambox/SetMetadataTask.java
=====================================
@@ -45,10 +45,7 @@ import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
+import javax.xml.xpath.*;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -155,10 +152,20 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
 
     }
     
+    private XPathFactory newXPathFactory() {
+        try {
+            XPathFactory f = XPathFactory.newInstance();
+            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            return f;
+        } catch (XPathFactoryConfigurationException e) {
+            throw new RuntimeException(e);
+        }
+    }
+    
     private void setDate(String path, Document document, Calendar calendar) throws XPathExpressionException {
         SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
         dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
-        XPath xPath = XPathFactory.newInstance().newXPath();
+        XPath xPath = newXPathFactory().newXPath();
         Node node = (Node) xPath.compile(path).evaluate(document, XPathConstants.NODE);
         if(node != null) {
             String value = "";
@@ -170,7 +177,7 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
     }
 
     private void setText(String path, Document document, String value) throws XPathExpressionException {
-        XPath xPath = XPathFactory.newInstance().newXPath();
+        XPath xPath = newXPathFactory().newXPath();
         Node node = (Node) xPath.compile(path).evaluate(document, XPathConstants.NODE);
         if(node != null) {
             if(value == null) {
@@ -184,6 +191,14 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
         try {
             DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
             f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            //f.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            f.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            f.setXIncludeAware(false);
+            f.setExpandEntityReferences(false);
 
             DocumentBuilder b = f.newDocumentBuilder();
             Document document = b.parse(catalog.getMetadata().createInputStream());
@@ -203,6 +218,9 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
 
             // write the DOM object to the file
             TransformerFactory transformerFactory = TransformerFactory.newInstance();
+            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
 
             Transformer transformer = transformerFactory.newTransformer();
             StringWriter writer = new StringWriter();



View it on GitLab: https://salsa.debian.org/java-team/libsejda-java/-/commit/cd824b68b902359c2b2c2a317a2649426f983a3e

-- 
View it on GitLab: https://salsa.debian.org/java-team/libsejda-java/-/commit/cd824b68b902359c2b2c2a317a2649426f983a3e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20211225/2d861438/attachment.htm>


More information about the pkg-java-commits mailing list