tika-dev mailing list archives

From "Thomas Mortagne (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TIKA-2878) Update dependencies for 1.22
Date Wed, 14 Aug 2019 15:54:00 GMT

    [ https://issues.apache.org/jira/browse/TIKA-2878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16907378#comment-16907378 ]

Thomas Mortagne commented on TIKA-2878:
---------------------------------------

I'm not really proposing any specific rule or even suggesting that there is a known issue
with ASM 7.2-beta. I'm just always very surprised that a beta version is used as a dependency
of something which is itself not beta and I'm wondering if it's like this because some issue
was found in ASM 7.1 or just that "it's the current latest version and it seems to work OK".

> Update dependencies for 1.22
> ----------------------------
>
>                 Key: TIKA-2878
>                 URL: https://issues.apache.org/jira/browse/TIKA-2878
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Priority: Major
>         Attachments: dependency-check-report.html, dependency_tree.txt, pom.xml
>
>
> And in the category of "stuff you can't make up"...while generating the javadocs for the 1.21 release:
> We're now getting this in {{tika-parsers}}:
> {noformat}
>   c3p0:c3p0:jar:0.9.1.1:compile; https://ossindex.sonatype.org/component/pkg:maven/c3p0/c3p0@0.9.1.1
>     * [CVE-2019-5427]  Resource Management Errors (7.5); https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56
> {noformat}
> and in {{tika-server}}:
> {noformat}
>     * [CVE-2019-10247]  Information Exposure (5.3); https://ossindex.sonatype.org/vuln/47ad4d7e-b9c3-414f-9bfa-1dfaa92b0aba
>     * [CVE-2019-10241]  Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") (6.1); https://ossindex.sonatype.org/vuln/970aece8-4a1d-4a9e-ab97-0982b13dac4d
>   org.eclipse.jetty:jetty-server:jar:9.4.14.v20181114:compile; https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.14.v20181114
>     * [CVE-2019-10247]  Information Exposure (5.3); https://ossindex.sonatype.org/vuln/47ad4d7e-b9c3-414f-9bfa-1dfaa92b0aba
>     * [CVE-2019-10241]  Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") (6.1); https://ossindex.sonatype.org/vuln/970aece8-4a1d-4a9e-ab97-0982b13dac4d
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
