[jira] [Commented] (TIKA-2878) Update dependencies for 1.21.1 or 1.22

Wed, 29 May 2019 09:13:09 -0700 


    [ 
https://issues.apache.org/jira/browse/TIKA-2878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16851018#comment-16851018
 ] 

Hudson commented on TIKA-2878:
------------------------------

SUCCESS: Integrated in Jenkins build Tika-trunk #1667 (See 
[https://builds.apache.org/job/Tika-trunk/1667/])
TIKA-2878 -- update vulnerable jackson version (tallison: 
[https://github.com/apache/tika/commit/2d6870bb56ca03a699e64a96310ce8558130a906])
* (edit) tika-parent/pom.xml


> Update dependencies for 1.21.1 or 1.22
> --------------------------------------
>
>                 Key: TIKA-2878
>                 URL: https://issues.apache.org/jira/browse/TIKA-2878
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Priority: Major
>         Attachments: dependency-check-report.html, dependency_tree.txt, 
> pom.xml
>
>
> And in the category of "stuff you can't make up"...while generating the 
> javadocs for the 1.21 release:
> We're now getting this inĀ {{tika-parsers}}:
> {noformat}
>   c3p0:c3p0:jar:0.9.1.1:compile; 
> https://ossindex.sonatype.org/component/pkg:maven/c3p0/[email protected]
>     * [CVE-2019-5427]  Resource Management Errors (7.5); 
> https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56
> {noformat}
> and in {{tika-server}}:
> {noformat}
>     * [CVE-2019-10247]  Information Exposure (5.3); 
> https://ossindex.sonatype.org/vuln/47ad4d7e-b9c3-414f-9bfa-1dfaa92b0aba
>     * [CVE-2019-10241]  Improper Neutralization of Input During Web Page 
> Generation ("Cross-site Scripting") (6.1); 
> https://ossindex.sonatype.org/vuln/970aece8-4a1d-4a9e-ab97-0982b13dac4d
>   org.eclipse.jetty:jetty-server:jar:9.4.14.v20181114:compile; 
> https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/[email protected]
>     * [CVE-2019-10247]  Information Exposure (5.3); 
> https://ossindex.sonatype.org/vuln/47ad4d7e-b9c3-414f-9bfa-1dfaa92b0aba
>     * [CVE-2019-10241]  Improper Neutralization of Input During Web Page 
> Generation ("Cross-site Scripting") (6.1); 
> https://ossindex.sonatype.org/vuln/970aece8-4a1d-4a9e-ab97-0982b13dac4d
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to