This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/main by this push:
     new 277308d07 Remove h2 exclusion; my guess is that ossindex folks updated 
their db so that our version is no longer flagged.
277308d07 is described below

commit 277308d07d1741cfe81ada6d06b1e2cfa1150514
Author: tallison <[email protected]>
AuthorDate: Wed Jul 20 10:13:44 2022 -0400

    Remove h2 exclusion; my guess is that ossindex folks updated their db so 
that our version is no longer flagged.
---
 tika-parent/pom.xml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index bcd562281..c4b9fd338 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -790,15 +790,6 @@
               <artifactId>guava</artifactId>
               <version>31.1-jre</version>
             </exclude>
-            <!-- sonatype points to a sve in 1.4.199 for this ?!
-            https://www.exploit-db.com/exploits/49384
-            
https://codewhitesec.blogspot.com/2019/08/exploit-h2-database-native-libraries-jni.html
-            -->
-            <exclude>
-              <groupId>com.h2database</groupId>
-              <artifactId>h2</artifactId>
-              <version>${h2.version}</version>
-            </exclude>
             <exclude>
               <!-- CVE-2018-18928 does affect the java library not just the 
c/c++ library,
               upon further research -->

Reply via email to