[
https://issues.apache.org/jira/browse/TIKA-4302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17877541#comment-17877541
]
Alan Klein commented on TIKA-4302:
----------------------------------
Thank you [~tilman] . Our company has a policy that required WhiteSource
identified high risk items be mitigated within a certain number of days. We
managed this through normal dependency management, however I wanted to raise
this up as it was flagged as high and I was uncertain if/when a new 2.x release
would happen with the 3.x beta available.
> Please generate a new 2.9.x deployment
> --------------------------------------
>
> Key: TIKA-4302
> URL: https://issues.apache.org/jira/browse/TIKA-4302
> Project: Tika
> Issue Type: Task
> Affects Versions: 2.9.2
> Reporter: Alan Klein
> Priority: Major
>
> It appears that a number of dependencies were updated in TIKA-4166
> Would you be able to generate a new 2.9.x deployment that includes the
> changes in TIKA-4166 ? I am specifically looking to address CVE-2024-29857
> (High) which is due to Bouncy Castle.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
