[jira] [Commented] (SLING-12184) Require at least Apache Tika 1.20

Konrad Windszus (Jira) Wed, 06 Dec 2023 07:46:04 -0800


    [ 
https://issues.apache.org/jira/browse/SLING-12184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17793795#comment-17793795
 ]


Konrad Windszus commented on SLING-12184:
-----------------------------------------

I am in favour of reverting, as otherwise it is hard to make our policy 
visible. We still have to document the policy at 
https://sling.apache.org/project-information/security.html (as being mentioned 
in https://lists.apache.org/thread/tskbpqkgt8tbvmggv5tqn9qlm72z4dgg). I am 
gonna come up with a documentation PR for that soon.

> Require at least Apache Tika 1.20
> ---------------------------------
>
>                 Key: SLING-12184
>                 URL: https://issues.apache.org/jira/browse/SLING-12184
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Commons MIME 2.3.0
>
>
> In order to avoid that clients use a vulnerable Apache Tika version, we 
> should increase the minimum version required to at least 1.20



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (SLING-12184) Require at least Apache Tika 1.20

Reply via email to