[ https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13281656#comment-13281656 ]
Jukka Zitting commented on TIKA-932:
------------------------------------

Indeed, good point! As you say, upgrading to 1.4(.1) would in any case be a good idea, so I'll go forward with this.

> Upgrade to Commons Compress 1.4.1
> ---------------------------------
>
> Key: TIKA-932
> URL: https://issues.apache.org/jira/browse/TIKA-932
> Project: Tika
> Issue Type: Improvement
> Components: parser
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Priority: Minor
> Labels: security
> Fix For: 1.2
>
>
> There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress
> versions up to 1.4 (we currently use 1.3) that can be triggered with a
> specially crafted bzip2 document.
> Tika already has higher-level features (ForkParser, etc.) for dealing with
> problems like this, but it would in any case be good to upgrade our Commons
> Compress dependency to the new 1.4.1 release that fixes the vulnerability.