[ https://issues.apache.org/jira/browse/TIKA-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17875592#comment-17875592 ]

Tilman Hausherr commented on TIKA-4280:
---------------------------------------

TIKA-4290 is resolved, although he's of course free to bring up more changes 
but he has now kept quiet for some time.

The ffmpeg issue and the hdf5 issue: 1.14.3-1.5.10 is the latest version on 
maven central but it has a CVE. They claim it has been fixed in 1.14.4

[https://www.hdfgroup.org/2024/05/06/new-hdf5-cve-issues-fixed-in-1-14-4/]

but that one isn't available. ffmpeg also has a CVE, I've excluded it 
completely, see my comment in tika-parsers/tika-parsers-ml/tika-dl/pom.xml . 
At this time it is still at the vulnerable 6.1.1-1.5.10 . Do we have a 
"stakeholder" on these two issues who can help?

> Tasks for the 3.0.0 release
> ---------------------------
>
>                 Key: TIKA-4280
>                 URL: https://issues.apache.org/jira/browse/TIKA-4280
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Priority: Major
>
> I'm too lazy to open separate tickets. Please do so if desired.
> Some items:
> * Before releasing the real 3.0.0 we need to remove any "-M" dependencies
> * Decide about the ffmpeg issue and the hdf5 issue
> * Run the regression tests vs 2.9.x
> * Convert tika-grpc to use the dependency plugin instead of the shade plugin
> * Turn javadocs back on. I got errors during the deploy process because 
> javadoc needed the auto-generated code ("cannot find symbol 
> DeleteFetcherRequest"). We need to enable javadocs for the rest of the 
> project.
> * TIKA-4290 Tilman question
> Other things? Thank you [~tilman] for the first two!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
