Bug 63857

Summary: Can we upgrade ant 1.8.2 to ant-1.9.12 while using poi 4.0.1 ?
Product: POI Reporter: Sushmita Nag <snag>
Component: POI OverallAssignee: POI Developers List <dev>
Severity: normal    
Priority: P2    
Version: 4.0.1-FINAL   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Sushmita Nag 2019-10-17 09:40:37 UTC
hi Team,

This is more of a query. This is regarding a Security issue raised internally in our team related to usage of ant version lower than 1.9.12 version. As we know poi-excelant-4.0.1 is dependent on ant-1.8.2, hence, i would like to know if we upgrade ant-1.8.2 to ant-1.9.12, is it fine ?

Could you please let us know ?

Comment 1 Nick Burch 2019-10-17 10:05:08 UTC
Are you making use of the ExcelAnt integration? If not, just exclude the poi-excelant and dependencies from your project. It isn't required for most POI functionality, just the ant-based testing of excel file contents <https://poi.apache.org/components/spreadsheet/excelant.html>
Comment 2 Dominik Stadler 2019-11-02 13:37:55 UTC
You should be able to simply override the dependency on Ant if you cannot exclude it as Nick described. We are testing with versions up to 1.10 in CI and locally.