[jira] [Created] (TIKA-2887) Build fails with CVE warnings

T Craig (JIRA) Fri, 31 May 2019 09:31:18 -0700

T Craig created TIKA-2887:
-----------------------------

             Summary: Build fails with CVE warnings
                 Key: TIKA-2887
                 URL: https://issues.apache.org/jira/browse/TIKA-2887
             Project: Tika
          Issue Type: Bug
    Affects Versions: 1.21
         Environment: Win 10 64bit


JDK 8
            Reporter: T Craig


When running the initial build script it fails with two CVE warnings.

[INFO] Apache Tika OSGi bundle 1.21 ....................... FAILURE [  9.932 s]

[INFO] BUILD FAILURE

[ERROR] Failed to execute goal 
org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.4:audit 
(audit-dependencies) on project tika-bundle: Detected 2 vulnerable components:
[ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; 
https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]
[ERROR] * [CVE-2019-12086] Information Exposure (7.5); 
https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
[ERROR] c3p0:c3p0:jar:0.9.1.1:compile; 
https://ossindex.sonatype.org/component/pkg:maven/c3p0/[email protected]
[ERROR] * [CVE-2019-5427] Resource Management Errors (7.5); 
https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (TIKA-2887) Build fails with CVE warnings

Reply via email to