[jira] [Created] (TIKA-2808) Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (TIKA-2808) Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval

JIRA jira@apache.org
Tim Allison created TIKA-2808:
---------------------------------

             Summary: Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval
                 Key: TIKA-2808
                 URL: https://issues.apache.org/jira/browse/TIKA-2808
             Project: Tika
          Issue Type: Improvement
            Reporter: Tim Allison


The build is now failing because of two recently indexed vulnerabilities in h2 1.4.197, which is used by tika-eval.  In reviewing at least one of the cves, it looks like versions before 1.4.197 are also vulnerable.  There is no actual "fix version" available, afaict.  For now, let's skip h2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)