tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TIKA-2808) Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval
Date Mon, 07 Jan 2019 18:04:00 GMT

    [ https://issues.apache.org/jira/browse/TIKA-2808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736114#comment-16736114
] 

Hudson commented on TIKA-2808:
------------------------------

SUCCESS: Integrated in Jenkins build Tika-trunk #1617 (See [https://builds.apache.org/job/Tika-trunk/1617/])
TIKA-2808 -- exclude h2 from ossindex-maven-plugin (tallison: [https://github.com/apache/tika/commit/f3fac43b3dd3c4a735c2de2598176eda865aed9b])
* (edit) tika-eval/pom.xml


> Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval 
> ------------------------------------------------------
>
>                 Key: TIKA-2808
>                 URL: https://issues.apache.org/jira/browse/TIKA-2808
>             Project: Tika
>          Issue Type: Improvement
>            Reporter: Tim Allison
>            Priority: Major
>
> The build is now failing because of two recently indexed vulnerabilities in h2 1.4.197,
which is used by tika-eval.  In reviewing at least one of the cves (CVE-2018-10054), it looks
like versions before 1.4.197 are also vulnerable (unless "create alias" wasn't added until
1.4.197...which I doubt).  There is no actual "fix version" available, afaict.  For now, let's
skip h2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message