[jira] [Commented] (TIKA-2570) Tika 1.17 uses vulnerable Jackson version 2.9.2

Wed, 21 Feb 2018 13:47:45 -0800 

    [ 
https://issues.apache.org/jira/browse/TIKA-2570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16372064#comment-16372064
 ] 

ASF GitHub Bot commented on TIKA-2570:
--------------------------------------

tballison closed pull request #219: Fix for TIKA-2570 contributed by ewanmellor.
URL: https://github.com/apache/tika/pull/219
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index 85e9cd26a..dacde58a5 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -587,7 +587,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-core</artifactId>
-      <version>2.9.2</version>
+      <version>2.9.4</version>
     </dependency>
 
     <!-- Java ImageIO plugin for JBIG2 support (often used in PDF)
diff --git a/tika-translate/pom.xml b/tika-translate/pom.xml
index 21e162569..941b0ef37 100644
--- a/tika-translate/pom.xml
+++ b/tika-translate/pom.xml
@@ -59,7 +59,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.jaxrs</groupId>
       <artifactId>jackson-jaxrs-json-provider</artifactId>
-      <version>2.9.2</version>
+      <version>2.9.4</version>
     </dependency>
 
     <!-- Test dependencies -->


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Tika 1.17 uses vulnerable Jackson version 2.9.2
> -----------------------------------------------
>
>                 Key: TIKA-2570
>                 URL: https://issues.apache.org/jira/browse/TIKA-2570
>             Project: Tika
>          Issue Type: Task
>            Reporter: Julian Reschke
>            Priority: Minor
>
> See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to