tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aman Mishra (Jira)" <j...@apache.org>
Subject [jira] [Created] (TIKA-2953) Vulnerable "commons-compress : 1.18" is present in tika-bundle 1.22.
Date Tue, 01 Oct 2019 05:25:00 GMT
Aman Mishra created TIKA-2953:

             Summary: Vulnerable "commons-compress : 1.18" is present in tika-bundle 1.22.

                 Key: TIKA-2953
                 URL: https://issues.apache.org/jira/browse/TIKA-2953
             Project: Tika
          Issue Type: Bug
            Reporter: Aman Mishra

We can see that commons-compress with version 1.18 is present in tika-bundle 1.22 jar. We
can see that latest commons-compress with version 1.19 is not vulnerable.


So please confirm your side that "Is this vulnerability CVE-2019-12402 is impacting to tika
or not ?"

And can we upgrade this library (commons-compress : 1.18) to latest version 1.19 locally after
downloading the source code of tika ? Is there any challenge for this?

This message was sent by Atlassian Jira

View raw message