13 January 2021 - CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0 POI requires Java 8 or newer since version 4.0.1.
People interested should also follow the dev list to track progress. Several dependencies were also updated to their latest versions to pick up security fixes and other improvements.Ī full list of changes is available in the change log. Various rendering fixes in the Common SL/EMF modules.
The Apache POI team is pleased to announce the release of 5.0.0.
