This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/main by this push:
new 277308d07 Remove h2 exclusion; my guess is that ossindex folks updated
their db so that our version is no longer flagged.
277308d07 is described below
commit 277308d07d1741cfe81ada6d06b1e2cfa1150514
Author: tallison <[email protected]>
AuthorDate: Wed Jul 20 10:13:44 2022 -0400
Remove h2 exclusion; my guess is that ossindex folks updated their db so
that our version is no longer flagged.
---
tika-parent/pom.xml | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index bcd562281..c4b9fd338 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -790,15 +790,6 @@
<artifactId>guava</artifactId>
<version>31.1-jre</version>
</exclude>
- <!-- sonatype points to a sve in 1.4.199 for this ?!
- https://www.exploit-db.com/exploits/49384
-
https://codewhitesec.blogspot.com/2019/08/exploit-h2-database-native-libraries-jni.html
- -->
- <exclude>
- <groupId>com.h2database</groupId>
- <artifactId>h2</artifactId>
- <version>${h2.version}</version>
- </exclude>
<exclude>
<!-- CVE-2018-18928 does affect the java library not just the
c/c++ library,
upon further research -->