Jukka Zitting created TIKA-932:
----------------------------------
Summary: Upgrade to Commons Compress 1.4.1
Key: TIKA-932
URL: https://issues.apache.org/jira/browse/TIKA-932
Project: Tika
Issue Type: Improvement
Components: parser
Reporter: Jukka Zitting
Assignee: Jukka Zitting
Priority: Minor
Fix For: 1.2
There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions up
to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.
Tika already has higher-level features (ForkParser, etc.) for dealing with problems like this,
but it would in any case be good to upgrade our Commons Compress dependency to the new 1.4.1
release that fixes the vulnerability.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
|