This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/main by this push:
new 1385efc4c TIKA-3795 -- add ossindex exclusion for currently unfixable
azure blob storage
1385efc4c is described below
commit 1385efc4c92a48d950e2db5e5359bda19f885354
Author: tballison <[email protected]>
AuthorDate: Fri Jul 15 10:37:11 2022 -0400
TIKA-3795 -- add ossindex exclusion for currently unfixable azure blob
storage
---
tika-parent/pom.xml | 9 ++++++++-
tika-pipes/pom.xml | 1 +
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index 7a5762ab2..a5bcf8cfa 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -798,7 +798,8 @@
<version>${h2.version}</version>
</exclude>
<exclude>
- <!-- CVE-2018-18928 seems to be about the c++ library, not the
java library -->
+ <!-- CVE-2018-18928 does affect the java library not just the
c/c++ library,
+ upon further research -->
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
<version>${icu4j.version}</version>
@@ -815,6 +816,12 @@
<artifactId>xercesImpl</artifactId>
<version>${xerces.version}</version>
</exclude>
+ <!-- no fix available as of 20220715 -->
+ <dependency>
+ <groupId>com.azure</groupId>
+ <artifactId>azure-storage-blob</artifactId>
+ <version>12.18.0</version>
+ </dependency>
<!-- these are used by the nlp-module -->
<exclude>
<groupId>org.apache.lucene</groupId>
diff --git a/tika-pipes/pom.xml b/tika-pipes/pom.xml
index 886ffe071..86d316548 100644
--- a/tika-pipes/pom.xml
+++ b/tika-pipes/pom.xml
@@ -51,6 +51,7 @@
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-storage-blob</artifactId>
+ <!-- when upgrading this, remove it from ossindex exclusions in parent
-->
<version>12.18.0</version>
</dependency>
<dependency>
