Apache POI < 4.1.0 XSSFExportToXml XXE 漏洞（CVE-2019-12415）修复

pom.xml

@@ -19,6 +19,7 @@
         <jdk.version>1.6</jdk.version>
         <gpg.skip>true</gpg.skip>
         <maven.javadoc.skip>true</maven.javadoc.skip>
+        <org.apache.poi>4.1.2</org.apache.poi>
     </properties>
 
     <scm>
@@ -60,17 +61,17 @@
         <dependency>
             <groupId>org.apache.poi</groupId>
             <artifactId>poi</artifactId>
-            <version>3.17</version>
+            <version>${org.apache.poi}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.poi</groupId>
             <artifactId>poi-ooxml</artifactId>
-            <version>3.17</version>
+            <version>${org.apache.poi}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.poi</groupId>
             <artifactId>poi-ooxml-schemas</artifactId>
-            <version>3.17</version>
+            <version>${org.apache.poi}</version>
         </dependency>
         <dependency>
             <groupId>cglib</groupId>