tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lau Brino (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TIKA-932) Upgrade to Commons Compress 1.4.1
Date Mon, 01 Oct 2012 12:25:08 GMT

    [ https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466756#comment-13466756
] 

Lau Brino commented on TIKA-932:
--------------------------------

Hi, see page http://tika.apache.org/1.2/gettingstarted.html - there's still 1.3 version mentioned...
                
> Upgrade to Commons Compress 1.4.1
> ---------------------------------
>
>                 Key: TIKA-932
>                 URL: https://issues.apache.org/jira/browse/TIKA-932
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>              Labels: security
>             Fix For: 1.2
>
>
> There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions
up to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.
> Tika already has higher-level features (ForkParser, etc.) for dealing with problems like
this, but it would in any case be good to upgrade our Commons Compress dependency to the new
1.4.1 release that fixes the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message