Hi Team
I am using apache poi-ooxml-4.1.2.jar for our developmentpurpose for a Java based application. But while doing black duck scanning we got the below vulnerabilitiesfor Apache-XML Xml Security componentused in poi-ooxml-4.1.2.jar. The below classes used the Apache-XML Xml Security component in their import statements poi-ooxml-4.1.2.jar/org/apache/poi/poifs/crypt/dsig/SignatureConfig.class poi-ooxml-4.1.2.jar/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.class poi-ooxml-4.1.2.jar/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.class poi-ooxml-4.1.2.jar/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.class And below are the list of vulnerabilities IDS. CVE-2014-8152, CVE-2013-4517, CVE-2013-2210, CVE-2013-2172, CVE-2013-2156, CVE-2013-2155, CVE-2013-2154, CVE-2013-2153, CVE-2011-2516 Can you please guide us how to resolve this vulnerabilities . Thanks,Swagatika
