[Io7UetI2] Update org.apache.poi to 5.3.0 to mitigate CVE-2024-25710 …

…and CVE-2024-26308
neo4j-contrib · Sep 3, 2024 · f289cf8 · f289cf8
1 parent 7e6cf18
commit f289cf8
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 11 deletions.
diff --git a/docs/asciidoc/modules/ROOT/partials/xls-dependencies.adoc b/docs/asciidoc/modules/ROOT/partials/xls-dependencies.adoc
@@ -7,12 +7,12 @@ Once that file is downloaded, it should be placed in the `plugins` directory and
 Alternatively, you can download these jars from Maven Repository (putting them into `plugins` directory as well):
 
 .For XLS files:
-* https://repo1.maven.org/maven2/org/apache/poi/poi/5.1.0/poi-5.1.0.jar[poi-5.1.0.jar^]
+* https://repo1.maven.org/maven2/org/apache/poi/poi/5.3.0/poi-5.3.0.jar[poi-5.3.0.jar^]
 
 .Additional for XLSX files:
 * https://repo1.maven.org/maven2/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar[commons-collections4-4.4.jar^]
-* https://repo1.maven.org/maven2/org/apache/poi/poi-ooxml/5.1.0/poi-ooxml-5.1.0.jar[poi-ooxml-5.1.0.jar^]
-* https://repo1.maven.org/maven2/org/apache/poi/poi-ooxml-lite/5.1.0/poi-ooxml-lite-5.1.0.jar[poi-ooxml-lite-5.1.0.jar^]
+* https://repo1.maven.org/maven2/org/apache/poi/poi-ooxml/5.3.0/poi-ooxml-5.3.0.jar[poi-ooxml-5.3.0.jar^]
+* https://repo1.maven.org/maven2/org/apache/poi/poi-ooxml-lite/5.3.0/poi-ooxml-lite-5.3.0.jar[poi-ooxml-lite-5.3.0.jar^]
 * https://repo1.maven.org/maven2/org/apache/xmlbeans/xmlbeans/5.0.2/xmlbeans-5.0.2.jar[xmlbeans-5.0.2.jar^]
 * https://repo1.maven.org/maven2/com/github/virtuald/curvesapi/1.06/curvesapi-1.06.jar[curvesapi-1.06.jar^]
 
diff --git a/extra-dependencies/xls/build.gradle b/extra-dependencies/xls/build.gradle
@@ -20,9 +20,9 @@ jar {
 }
 
 dependencies {
-    implementation group: 'org.apache.poi', name: 'poi', version: '5.1.0'
-    implementation group: 'org.apache.poi', name: 'poi-ooxml-lite', version: '5.1.0'
-    implementation group: 'org.apache.poi', name: 'poi-ooxml', version: '5.1.0' , {
+    implementation group: 'org.apache.poi', name: 'poi', version: '5.3.0'
+    implementation group: 'org.apache.poi', name: 'poi-ooxml-lite', version: '5.3.0'
+    implementation group: 'org.apache.poi', name: 'poi-ooxml', version: '5.3.0' , {
         exclude group: 'org.apache.commons', module: 'commons-compress' 
     }
     implementation group: 'org.apache.xmlbeans', name: 'xmlbeans', version: '5.0.2'

diff --git a/full/build.gradle b/full/build.gradle
@@ -64,10 +64,10 @@ dependencies {
     // compileOnly "org.antlr:antlr4-runtime:4.7.2"
     // testCompile "org.antlr:antlr4-runtime:4.7.2"
 
-    compileOnly "org.apache.poi:poi:5.1.0"
-    testImplementation "org.apache.poi:poi:5.1.0"
-    compileOnly "org.apache.poi:poi-ooxml:5.1.0"
-    testImplementation "org.apache.poi:poi-ooxml:5.1.0"
+    compileOnly "org.apache.poi:poi:5.3.0"
+    testImplementation "org.apache.poi:poi:5.3.0"
+    compileOnly "org.apache.poi:poi-ooxml:5.3.0"
+    testImplementation "org.apache.poi:poi-ooxml:5.3.0"
 
     implementation 'org.jsoup:jsoup:1.15.3'
 

diff --git a/full/src/main/java/apoc/export/xls/ExportXlsHandler.java b/full/src/main/java/apoc/export/xls/ExportXlsHandler.java
@@ -64,7 +64,7 @@
 public class ExportXlsHandler {
     public static final String XLS_MISSING_DEPS_ERROR =
             "Cannot find the needed jar into the plugins folder in order to use . \n"
-                    + "Please see the documentation: https://neo4j.com/labs/apoc/5/overview/apoc.export/apoc.export.xls.all/#_install_dependencies";
+                    + "Please see the documentation: https://neo4j.com/labs/apoc/4.4/overview/apoc.export/apoc.export.xls.all/#_install_dependencies";
 
     public static Stream<ProgressInfo> getProgressInfoStream(
             String fileName,