poi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 63188] Specific microsoft excel file(.xlsx) getting corrupted while manipulated using apache-poi-3.10 libraries
Date Sun, 10 Mar 2019 09:53:59 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=63188

Dominik Stadler <dominik.stadler@gmx.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #6 from Dominik Stadler <dominik.stadler@gmx.at> ---
If you set minimum inflation ratio to 0, you disable the protection that we
built into Apache POI.

However this only poses a security threat if you process documents where you do
not control the contents fully, e.g. if you allow users to upload documents
that are then processed.

If you do not allow that anywhere, you might be fine with setting it to 0.

If you allow external uploads of documents, but you would like to process
documents like the one provided, you can try using a different value for
minimum inflation ratio. The default is 0.01, so you might need to experiment
with smaller values, e.g. 0.001 until you can process documents, but still have
some protection against document which expand too much and would use up too
much memory.

As this is working as expected from our point of view, I am closing this for
now, please discuss on the mailing list if you have more usage questions or
report new bugs if you find something not working as expected/described.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


Mime
View raw message