#96 Latest version of JETT-CORE required with Apache POI-4.0.1

[Kushagra Bindal]

Currently we are using latest version of jett-core which requires Apache POI 3.14. This version of poi is not secure and having multiple vulnerabilities.

https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-22766/version_id-210236/Apache-POI-3.14.html

Due to this reason we have decided to upgrade the version of POI to its latest version i.e. 4.0.1. But we have observed that latest version of jett-core is not supporting the new version of POI and throwing multiple issues during compilation.

We urgently need to upgrade the version to the new version. So, to overcome these issue we have tried to build the jett-core component with the latest version of POI and log4j. Attached component is the compiled code base for the same. It seems ok to me to do in this manner. Please let us know if this looks good.

I will commit the code, if required and request you to review the complete code.

[Kushagra Bindal]

@Randy : Please let me know if we can work on this ticket collaboratively to resolve this quickly.

[Kushagra Bindal]

Hi Randy,

Is there any update on this?

Can we do this on our own and publish the new version of jar with the latest change, and will share PR for your review.

Regards
Kushagra

[tran4o]

Coincidence we did it just today,
there is an initial commit in github
https://github.com/plan-vision/jett-poi4

[Kushagra Bindal]

Thanks Tran for this.

Just a quick suggestion, can you please upgrade the log4j version in ur pom.xml to latest one. Currently it is supporting 2.11.2 . https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-jcl

It will help for greater maintainibility.

Already asked in another post though, if possible please provide details about the release date of this latest binary.

Regards
Kushagra

[SuperPat]

Hi

Sad to see that JETT is almost dead.

We really need an active community fork on github.