kenglxn / QRGen

a simple QRCode generation api for java built on top ZXING

http://glxn.net/2012/03/10/qrgen-a-small-wrapper-on-top-of-zxing-for-generating-qrcodes-in-java

Upgrade Batik to 1.14 for security

mhping opened this issue 3 years ago · comments

mhping commented 3 years ago

Hi.
The Batik versions 1.13 and prior have some medium-high CVEs discovered in it.
https://nvd.nist.gov/vuln/detail/CVE-2020-11987
CVE-2019-17566, CVE-2018-8013
https://xmlgraphics.apache.org/security.html

Although i cannot verify if they are exploitable. But i believe it is still very worth upgrading.