FYI So company 'A' requires a security scan. one thing it turned up on our norconex crawler servers was about the poi jars being vulnerabilities and following the recommendations partially breaks norconex 3.0.2 . So when we upgrade the below jars ie it appears to break parsing MS type docs. We put these fixes in to the lib dir and got 30 docs back from the crawl where reverting to the 4.1.2 versions of all three gets us the full complement of 247 crawled docs indexed into solr as before the upgrade fixes (so is this a know issue fixed in 3.1? maybe? We're crawling a sharepoint public website full of MS files and other stuff) :
Apache POI < 5.4.0 Improper Input Validation
Misc.
Medium
Plugin Output:
Path : /opt/norconex-collector-http-3.0.2/lib/poi-scratchpad-4.1.2.jar
Installed version : 4.1.2
Fixed version : 5.4.0
Path : /opt/norconex-collector-http-3.0.2/lib/poi-ooxml-4.1.2.jar
Installed version : 4.1.2
Fixed version : 5.4.0
Path : /opt/norconex-collector-http-3.0.2/lib/poi-4.1.2.jar
Installed version : 4.1.2
Fixed version : 5.4.0
- Updating POI jars mostly breaks the crawler
FYI So company 'A' requires a security scan. one thing it turned up on our norconex crawler servers was about the poi jars being vulnerabilities and following the recommendations partially breaks norconex 3.0.2 . So when we upgrade the below jars ie it appears to break parsing MS type docs. We put these fixes in to the lib dir and got 30 docs back from the crawl where reverting to the 4.1.2 versions of all three gets us the full complement of 247 crawled docs indexed into solr as before the upgrade fixes (so is this a know issue fixed in 3.1? maybe? We're crawling a sharepoint public website full of MS files and other stuff) :
Apache POI < 5.4.0 Improper Input Validation
Misc.
Medium
Plugin Output:
Path : /opt/norconex-collector-http-3.0.2/lib/poi-scratchpad-4.1.2.jar
Installed version : 4.1.2
Fixed version : 5.4.0
Path : /opt/norconex-collector-http-3.0.2/lib/poi-ooxml-4.1.2.jar
Installed version : 4.1.2
Fixed version : 5.4.0
Path : /opt/norconex-collector-http-3.0.2/lib/poi-4.1.2.jar
Installed version : 4.1.2
Fixed version : 5.4.0