[
https://issues.apache.org/jira/browse/SOLR-17901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044480#comment-18044480
]
Isabelle Giguere commented on SOLR-17901:
-----------------------------------------
This appears to be fixed in branch_10.x
https://github.com/apache/solr/blob/branch_10x/solr/modules/extraction/gradle.lockfile
org.apache.tika:tika-core:3.2.3
Tika 3.2.3 does not depend on apache-mime4j-core anymore
https://mvnrepository.com/artifact/org.apache.tika/tika-parsers/3.2.3
Solr branch 9.10 still depends on Tika 1.28, with a dependency on
apache-mime4j-core
https://mvnrepository.com/artifact/org.apache.tika/tika-parsers/1.28.5
> CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency
> --------------------------------------------------------------------
>
> Key: SOLR-17901
> URL: https://issues.apache.org/jira/browse/SOLR-17901
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.apache.james:apache-mime4j-core:0.8.4}} (Apr 2021) which is included in
> Solr 9.9.0 comes with CVE-2024-21742 (Score 5.3).
> https://nvd.nist.gov/vuln/detail/CVE-2024-21742
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
