tika-dev mailing list archives

From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (TIKA-932) Upgrade to Commons Compress 1.4.1
Date Fri, 29 Jun 2012 21:21:43 GMT

     [ https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved TIKA-932.
--------------------------------

    Resolution: Fixed

Done in revisions 1355521 and 1355562.

In addition to simply upgrading the dependency, I also modified the relevant parser and detector
code to take advantage of some of the new features (autodetection, new supported formats,
etc.) in Commons Compress 1.4.1.
                
> Upgrade to Commons Compress 1.4.1
> ---------------------------------
>
>                 Key: TIKA-932
>                 URL: https://issues.apache.org/jira/browse/TIKA-932
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>              Labels: security
>             Fix For: 1.2
>
>
> There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions
> up to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.
> Tika already has higher-level features (ForkParser, etc.) for dealing with problems like
> this, but it would in any case be good to upgrade our Commons Compress dependency to the new
> 1.4.1 release that fixes the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
