tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Magnus Lövgren (JIRA) <j...@apache.org>
Subject [jira] [Commented] (TIKA-1380) Upgrade to Apache POI 3.11 beta 1
Date Mon, 25 Aug 2014 09:49:59 GMT

    [ https://issues.apache.org/jira/browse/TIKA-1380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14108960#comment-14108960
] 

Magnus Lövgren commented on TIKA-1380:
--------------------------------------

The security issues CVE-2014-3529 and CVE-2014-3574 was fixed in the POI 3.10.1 and POI 3.11-beta2
release. Upgrading POI from 3.10-FINAL to 3.11-beta1 will NOT fix these! Though, seems trunk
and the 1.6 branch are actually using 3.11-beta2 (i.e. POI security issues are actually fixed
in Tika 1.6).

-> Rename this JIRA to avoid confusion

> Upgrade to Apache POI 3.11 beta 1
> ---------------------------------
>
>                 Key: TIKA-1380
>                 URL: https://issues.apache.org/jira/browse/TIKA-1380
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>    Affects Versions: 1.6
>            Reporter: Nick Burch
>             Fix For: 1.6, 1.7
>
>         Attachments: TIKA-1380.patch, TIKA-1380_nullOLELabel.patch, TIKA-1380b.patch,
TIKA-1380c.patch, tika-commentstable-missing.diff
>
>
> All being well, in a week there'll be a new release of Apache POI available, 3.11 beta
1
> This issue is to track the upgrade, any required changes, and fixing any TODOs that this
upgrade permits



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message