Bug 63857 - Can we upgrade ant 1.8.2 to ant-1.9.12 while using poi 4.0.1 ?
Summary: Can we upgrade ant 1.8.2 to ant-1.9.12 while using poi 4.0.1 ?
Status: RESOLVED WORKSFORME
Alias: None
Product: POI
Classification: Unclassified
Component: POI Overall (show other bugs)
Version: 4.0.1-FINAL
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-17 09:40 UTC by Sushmita Nag
Modified: 2019-11-02 13:37 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sushmita Nag 2019-10-17 09:40:37 UTC
hi Team,

This is more of a query. This is regarding a Security issue raised internally in our team related to usage of ant version lower than 1.9.12 version. As we know poi-excelant-4.0.1 is dependent on ant-1.8.2, hence, i would like to know if we upgrade ant-1.8.2 to ant-1.9.12, is it fine ?

Could you please let us know ?

Regards,
Sushmita
Comment 1 Nick Burch 2019-10-17 10:05:08 UTC
Are you making use of the ExcelAnt integration? If not, just exclude the poi-excelant and dependencies from your project. It isn't required for most POI functionality, just the ant-based testing of excel file contents <https://poi.apache.org/components/spreadsheet/excelant.html>
Comment 2 Dominik Stadler 2019-11-02 13:37:55 UTC
You should be able to simply override the dependency on Ant if you cannot exclude it as Nick described. We are testing with versions up to 1.10 in CI and locally.