[ https://issues.apache.org/jira/browse/TIKA-2808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736126#comment-16736126
]
Hudson commented on TIKA-2808:
------------------------------
SUCCESS: Integrated in Jenkins build tika-branch-1x #152 (See [https://builds.apache.org/job/tika-branch-1x/152/])
TIKA-2808 -- exclude h2 from ossindex-maven-plugin (tallison: [https://github.com/apache/tika/commit/eaaf1e31127cd25db58b5619c99f541ec6c85cab])
* (edit) tika-eval/pom.xml
> Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval
> ------------------------------------------------------
>
> Key: TIKA-2808
> URL: https://issues.apache.org/jira/browse/TIKA-2808
> Project: Tika
> Issue Type: Improvement
> Reporter: Tim Allison
> Priority: Major
>
> The build is now failing because of two recently indexed vulnerabilities in h2 1.4.197,
which is used by tika-eval. In reviewing at least one of the cves (CVE-2018-10054), it looks
like versions before 1.4.197 are also vulnerable (unless "create alias" wasn't added until
1.4.197...which I doubt). There is no actual "fix version" available, afaict. For now, let's
skip h2.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
|