tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (Jira)" <j...@apache.org>
Subject [jira] [Commented] (TIKA-2890) Critical security vulnerability in depedencies
Date Fri, 27 Sep 2019 17:03:00 GMT

    [ https://issues.apache.org/jira/browse/TIKA-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16939607#comment-16939607
] 

Hudson commented on TIKA-2890:
------------------------------

UNSTABLE: Integrated in Jenkins build Tika-trunk #1700 (See [https://builds.apache.org/job/Tika-trunk/1700/])
TIKA-2890 -- update jackson to avoid recent CVEs (tallison: [https://github.com/apache/tika/commit/c33d5412ca1133fd80c5fa5df7d0f51e0c076293])
* (edit) tika-parent/pom.xml


> Critical security vulnerability in depedencies
> ----------------------------------------------
>
>                 Key: TIKA-2890
>                 URL: https://issues.apache.org/jira/browse/TIKA-2890
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>    Affects Versions: 1.21
>            Reporter: Kyle DuPont
>            Priority: Major
>             Fix For: 1.23
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The parser dependency jackson-databind:2.9.8 has a critical vulnerability as per:
> [https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029]
> This should be bumped to >2.9.9 to resolve this vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message