[jira] [Resolved] (TIKA-2801) Tika includes 2 vulnerable components

Tim Allison (JIRA) Mon, 22 Apr 2019 12:30:16 -0700


     [ 
https://issues.apache.org/jira/browse/TIKA-2801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tim Allison resolved TIKA-2801.
-------------------------------
       Resolution: Fixed
         Assignee: Tim Allison
    Fix Version/s: 1.21

I think I just took care of this on TIKA-2804, TIKA-2824, TIKA-2854.

> Tika includes 2 vulnerable components
> -------------------------------------
>
>                 Key: TIKA-2801
>                 URL: https://issues.apache.org/jira/browse/TIKA-2801
>             Project: Tika
>          Issue Type: Task
>          Components: parser
>    Affects Versions: 1.20
>            Reporter: Maxim Solodovnik
>            Assignee: Tim Allison
>            Priority: Critical
>             Fix For: 1.21
>
>
> Maven audit plugin reports 2 vulnerable components:
> com.google.guava:guava:jar:17.0:compile
>  * [CVE-2018-10237] Deserialization of Untrusted Data (5.9); 
> https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0
> com.google.protobuf:protobuf-java:jar:2.5.0:compile
>  * [CVE-2015-5237] Improper Restriction of Operations within the Bounds of a 
> Memory Buffer (8.8); 
> https://ossindex.sonatype.org/vuln/d47d20ab-eb2a-4cfd-8064-bbf6283649cb
> Maybe it worth to add {{audit}} plugin to the build/release?
> {{mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (TIKA-2801) Tika includes 2 vulnerable components

Reply via email to