It is recommended that you use the same versions of all POI jars. If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception.Īffected users are advised to update to poi-scratchpad 5.2.1 or above This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). 4 March 2022 - CVE-2022-26336 - A carefully crafted TNEF file can cause an out of memory exception in Apache POI poi-scratchpad versions prior to 5.2.0Ī shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. POI requires Java 8 or newer since version 4.0.1. People interested should also follow the dev list to track progress.
Several dependencies were updated to their latest versions to pick up security fixes and other improvements.Ī full list of changes is available in the change log. The Apache POI team is pleased to announce the release of 5.2.3.
