Comments (6)
No worries, thank you for the very prompt update! I see (after a short delay after sources were posted) docx2tex-1.7.3-release.zip is available and I confirm no vulnerabilities reported by logpresso-log4j2-scan-2.8.1.jar.
Fantastic open source cooperation. This is how it should work. :-)
from docx2tex.
Thank you for the report. I don't see a real attack scenario for docx2tex but will update log4j from 2.16.0 to 2.17.1 asap.
from docx2tex.
Just out of curiosity, do you run docx2tex as a Web service which could be affected by CVE-2021-45105?
from docx2tex.
This issue is fixed with v.1.7.3
from docx2tex.
Thanks for the update!
No, we don't run it as a web service. At least in our area of the US Gov, any vulnerable log4j jar files found are treated like a "live virus" and must be removed. While the "nuke it from orbit is the only way to be sure" is excessive, we must comply.
from docx2tex.
Thank you again for your report. The concern is totally reasonable, but it seems that I've lost track on the various log4j vulnerabilities at some point.
from docx2tex.
Related Issues (20)
- tabularray? HOT 1
- NoClassDefFoundError ? HOT 2
- Double Exponent - Brace Issue HOT 2
- Error: Could not create the Java Virtual Machine. HOT 4
- ole/wml equation can't transfer into tex, but \includegraphics HOT 4
- Unparseable command line argument: 'to'. HOT 17
- Space after formula HOT 5
- Incomplete heuristics for 'formula' HOT 3
- Chinese document error HOT 4
- run with windows HOT 8
- Can I control which files are exported? HOT 4
- Something wrong with table generation. HOT 5
- Mexican Spanish HOT 5
- "A sequence of more than one item is not allowed as the third argument of fn:concat()" while conversion from docx HOT 5
- Tranlation error probably related to nested tables HOT 2
- Could not load file:/mnt/c/docx2tex/conf/conf.csv HOT 3
- Issues in Overset and Double Exponents HOT 1
- Is it possible to change the inline math delimiter? HOT 4
- Convert to LaTeX only math formulas and the like HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docx2tex.