Date: Tue, 17 Sep 2019 14:42:00 +0000 (UTC)
From: "Chad Vincent (Jira)"
To: dev@tika.apache.org
Subject: [jira] [Commented] (TIKA-2890) Critical security vulnerability in dependencies

[ https://issues.apache.org/jira/browse/TIKA-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16931532#comment-16931532 ]

Chad Vincent commented on TIKA-2890:
------------------------------------

Needs bumped to >2.9.9.2 now due to [https://nvd.nist.gov/vuln/detail/CVE-2019-14379]

> Critical security vulnerability in dependencies
> -----------------------------------------------
>
> Key: TIKA-2890
> URL: https://issues.apache.org/jira/browse/TIKA-2890
> Project: Tika
> Issue Type: Improvement
> Components: parser
> Affects Versions: 1.21
> Reporter: Kyle DuPont
> Priority: Major
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The parser dependency jackson-databind:2.9.8 has a critical vulnerability as per:
> [https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029]
> This should be bumped to >2.9.9 to resolve this vulnerability.

--
This message was sent by Atlassian Jira (v8.3.2#803003)