
Commit 2f2a257

rnapoles-rhclaude
fix: update docling to 2.97.0 to address multiple security vulnerabilities
Docling versions prior to 2.61.1 are vulnerable to XML Entity Expansion (XXE) attacks in the METS GBS backend, allowing attackers to craft malicious XML files with nested entity definitions (XML Bomb) that can cause DoS through excessive resource consumption.

Docling versions prior to 2.91.0 are vulnerable to unsafe URI and path handling in the HTML backend (CVE-2026-47214), including:

- Path traversal via ../ sequences and absolute paths
- SSRF via unvalidated file:// URIs and internal network access
- Unvalidated HTTP redirects
- Unlimited resource consumption from remote images and data: URIs

Updated to version 2.97.0 which includes all security fixes from 2.61.1, 2.91.0, and 2.94.0 releases.

Fixes: https://github.com/developerproductivity/logilica-cli/security/dependabot/3

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 60a7ed4 commit 2f2a257
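The commit message lists four ways an HTML backend can mishandle resource references (traversal, file:// and internal-network SSRF, redirects, unbounded remote or data: payloads). As an added example that is neither this repository's nor docling's code, the function below classifies such a reference before anything is fetched; the function name, the policy constants and the base directory are assumptions for the example.

```python
import ipaddress
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Constructed policy values for this example; they are not docling settings.
MAX_DATA_URI_CHARS = 1_000_000
ALLOWED_REMOTE_SCHEMES = {"http", "https"}


def classify_resource(ref: str, base_dir: str) -> tuple[str, str]:
    """Return ("allow" | "deny", reason) for a resource reference found in HTML.

    Local references must resolve inside base_dir (this blocks "../" and absolute
    paths), file:// is never dereferenced, http(s) targets given as IP literals
    must be globally routable, and data: URIs are capped in size.
    """
    parsed = urlsplit(ref.strip())  # urlsplit keeps ";base64" inside the path
    scheme = parsed.scheme.lower()
    if scheme == "":
        if parsed.netloc:
            return "deny", "scheme-relative URL"
        # Relative or absolute local path: resolve it and require containment.
        base = Path(base_dir).resolve()
        target = (base / unquote(parsed.path)).resolve()
        if target.is_relative_to(base):
            return "allow", f"local:{target}"
        return "deny", "path escapes base directory"
    if scheme == "file":
        return "deny", "file:// URIs are not dereferenced"
    if scheme == "data":
        # The encoded length bounds the decoded size, so it is enough for a cap.
        if len(parsed.path) > MAX_DATA_URI_CHARS:
            return "deny", "data: URI exceeds size cap"
        return "allow", "data:inline"
    if scheme in ALLOWED_REMOTE_SCHEMES:
        host = parsed.hostname or ""
        if not host:
            return "deny", "remote URL without a host"
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            # A hostname: repeat this IP check on the address actually connected
            # to, and on every redirect Location, or DNS can point it inward.
            return "allow", f"remote:{host}"
        if not ip.is_global:
            return "deny", f"{ip} is not a public address"
        return "allow", f"remote:{ip}"
    return "deny", f"scheme {scheme!r} not allowed"
```

Redirects are handled by fetching with automatic redirects disabled and passing each Location header back through the same function, so the second and later hops get the same scrutiny as the first.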

1 file changed

Lines changed: 1 addition & 1 deletion


requirements.txt

@@ -1,5 +1,5 @@
11
click~=8.1.0
2-
docling~=2.25.2
2+
docling~=2.97.0
33
google-api-python-client~=2.159.0
44
google-auth-oauthlib~=1.2.1
55
platformdirs~=4.3.6
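Review bot: the bump from `docling~=2.25.2` to `docling~=2.97.0` spans a large number of minor releases, while the one-line change gives no evidence that the application's docling call sites were exercised against 2.97; please mention in the PR how this was verified. Since `~=2.97.0` still floats across 2.97.x patch releases and requirements.txt carries no hashes, consider also recording the resolved version in a lockfile so the fixed version the message names is the one actually installed.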
