This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch branch_1x
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/branch_1x by this push:
     new 32cbe38  TIKA-2561 upgrade jsoup to avoid potential xss vuln in grib
32cbe38 is described below

commit 32cbe382e7744de5ce32b812f2546f2d5625510b
Author: tballison <talli...@mitre.org>
AuthorDate: Fri Feb 2 08:17:44 2018 -0500

    TIKA-2561 upgrade jsoup to avoid potential xss vuln in grib
---
 tika-parsers/pom.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index 14f46b4..cae337c 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -406,9 +406,19 @@
           <groupId>edu.ucar</groupId>
           <artifactId>jj2000</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.jsoup</groupId>
+          <artifactId>jsoup</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <!-- grib's current jsoup is vulnerable to xss
+         exclude and import a more modern version TIKA-2561-->
     <dependency>
+      <groupId>org.jsoup</groupId>
+      <artifactId>jsoup</artifactId>
+      <version>1.11.2</version>
+    </dependency>    <dependency>
       <groupId>edu.ucar</groupId>
       <artifactId>cdm</artifactId>
       <version>${netcdf-java.version}</version>

-- 
To stop receiving notification emails like this one, please contact
talli...@apache.org.

Reply via email to