This is an automated email from the ASF dual-hosted git repository. tallison pushed a commit to branch branch_1x in repository https://gitbox.apache.org/repos/asf/tika.git
commit 38ad4fbf522c4c083e62a5bb3dd57201db6c6a19 Author: tallison <[email protected]> AuthorDate: Mon Oct 28 11:30:14 2019 -0400 TIKA-2925 -- bump quartz-scheduler to avoid cve --- tika-parsers/pom.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml index a6803e9..bf321b2 100644 --- a/tika-parsers/pom.xml +++ b/tika-parsers/pom.xml @@ -585,8 +585,18 @@ <groupId>c3p0</groupId> <artifactId>c3p0</artifactId> </exclusion> + <exclusion> + <groupId>org.quartz-scheduler</groupId> + <artifactId>quartz</artifactId> + </exclusion> </exclusions> </dependency> + <!--needs to be bumped for xml vulnerability --> + <dependency> + <groupId>org.quartz-scheduler</groupId> + <artifactId>quartz</artifactId> + <version>2.3.2</version> + </dependency> <!-- needs to be excluded and version bumped to avoid billion laughs vuln --> <dependency>
