Hello, We're getting a warning regarding some vulnerability induced by the batik-all dependency when using poi-ooxml. [ERROR] org.apache.xmlgraphics:batik-transcoder:jar:1.13:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.xmlgraphics/batik-transcoder@1.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1 [ERROR] * [CVE-2020-11987] Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improp... (5.3); https://ossindex.sonatype.org/vulnerability/3be652e4-f000-4fad-9fdb-1a0bda304afe?component-type=maven&component-name=org.apache.xmlgraphics.batik-transcoder&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1 [ERROR] org.apache.xmlgraphics:batik-dom:jar:1.13:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.xmlgraphics/batik-dom@1.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1 [ERROR] * [CVE-2020-11987] Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improp... (5.3); https://ossindex.sonatype.org/vulnerability/3be652e4-f000-4fad-9fdb-1a0bda304afe?component-type=maven&component-name=org.apache.xmlgraphics.batik-dom&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1 I'm not really sure what it impacts but it's the kind of thing that should be looked into IMO. Thanks
Next POI release will use batik 1.14. You can change your project to use batik 1.14 - it should work with POI 5.0.0.
*** Bug 65421 has been marked as a duplicate of this bug. ***