jmeter-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [jmeter] sseide opened a new pull request #589: update apache tika to 2.14.1 (from 1.23)
Date Thu, 07 May 2020 12:25:34 GMT

sseide opened a new pull request #589:
URL: https://github.com/apache/jmeter/pull/589


   ## Description
   This pull request updates the Apache Tika libraries to fix multiple direct and indirect vulnerability warnings that the current version 1.23 has.
   
   ## Motivation and Context
   Open vulnerability reports with the old version 1.23 are the following. All of them are fixed by updating to 1.24.1:
   * CVE-2019-14262 - indirect (dependency of tika-parsers), cvss 8.1
   * CVE-2019-17573 - indirect (dependency of tika-parsers), cvss 6.5
   * CVE-2020-1951 - direct, cvss 5.3
   * CVE-2020-1950 - direct, cvss 5.3
   * CVE-2020-9489 - direct, cvss 5.3
   
   ## How Has This Been Tested?
   `gradlew check` run successful
   Used tika-parsers 1.24 for a longer time at our installation, 1.24.1 for some days without problems
   
   ## Types of changes
   <!--- What types of changes does your code introduce? Delete as appropriate -->
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


