Update pom.xml: bump dependency.poi.version to 5.4.1 to fix POI OOXML 5.2.5 vulnerability

This commit is contained in:
Amedeo Lepore 2025-04-24 14:52:29 +02:00 committed by GitHub
parent 0c534f1081
commit c4461d8e49
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -26,7 +26,7 @@
<env.project_version>${project.version}</env.project_version>
<dependency.jackson.version>2.18.2</dependency.jackson.version>
<dependency.tika.version>2.9.2</dependency.tika.version>
<dependency.poi.version>5.2.5</dependency.poi.version>
<dependency.poi.version>5.4.1</dependency.poi.version>
<dependency.imaging.version>1.0.0-alpha5</dependency.imaging.version>
<dependency.snakeyaml.version>2.3</dependency.snakeyaml.version>
<!-- The override can be removed when logback version in spring-boot-starter-parent is updated and free of vulnerabilities -->