[jira] [Commented] (TIKA-2890) Critical security vulnerability in depedencies

Hudson (Jira)

    [ https://issues.apache.org/jira/browse/TIKA-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16953695#comment-16953695 ]

Tim Allison commented on TIKA-2890:

[~arajwade], are you using a nightly build or building locally?  Is it ok if I do a blanket update before release rather than making these updates every two weeks (it feels)?

Thank you for the heads up.

> Critical security vulnerability in depedencies
> ----------------------------------------------
>                 Key: TIKA-2890
>                 URL: https://issues.apache.org/jira/browse/TIKA-2890
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>    Affects Versions: 1.21
>            Reporter: Kyle DuPont
>            Priority: Major
>             Fix For: 1.23
>   Original Estimate: 1h
>  Remaining Estimate: 1h
> The parser dependency jackson-databind:2.9.8 has a critical vulnerability as per:
> [https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029]
> This should be bumped to >2.9.9 to resolve this vulnerability.

This message was sent by Atlassian Jira