Altova StyleVision and upgrade to FOP 2.2 (CVE-2017-5661)


I'm using StyleVision 2010 (Update 2), and embedded in my application are FOP 0.95 and the libs:

batik-all-1.7.jar
xalan-2.7.0.jar
xmlgraphics-commons-1.3.1.jar
avalon-framework-4.2.0.jar
commons-io-1.3.1.jar
commons-logging-1.0.4.jar
jai_imageio.jar
serializer-2.7.0.jar
xercesImpl-2.7.1.jar
xml-apis-1.3.04.jar
xml-apis-ext-1.3.04.jar

While doing a security check on the libs, I discovered high-level vulnerabilities in FOP before 2.2 (CVE-2017-5661, with CVSS 7) and in 3 other libs (batik, xalan, xmlgraphics-commons).

I checked the StyleVision 2017 distribution: the FOP-related high security problems are not resolved. They still use libs with high (and medium) security issues:

batik-all-1.7.jar
fop.jar (1.1)
xalan-2.7.0.jar
xmlgraphics-commons-1.5.jar

The solution could be to upgrade to the FOP 2.2 distribution, but this version does not seem to be supported yet by the latest StyleVision version.

Any suggestions?
