[ https://issues.apache.org/jira/browse/TIKA-1380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14108960#comment-14108960 ]
Magnus Lövgren commented on TIKA-1380:
--------------------------------------
The security issues CVE-2014-3529 and CVE-2014-3574 were fixed in the POI 3.10.1
and POI 3.11-beta2 releases. Upgrading POI from 3.10-FINAL to 3.11-beta1 will
NOT fix these! Though, it seems trunk and the 1.6 branch are actually using
3.11-beta2 (i.e. POI security issues are actually fixed in Tika 1.6).
-> Rename this JIRA to avoid confusion
> Upgrade to Apache POI 3.11 beta 1
> ---------------------------------
>
> Key: TIKA-1380
> URL: https://issues.apache.org/jira/browse/TIKA-1380
> Project: Tika
> Issue Type: Improvement
> Components: parser
> Affects Versions: 1.6
> Reporter: Nick Burch
> Fix For: 1.6, 1.7
>
> Attachments: TIKA-1380.patch, TIKA-1380_nullOLELabel.patch,
> TIKA-1380b.patch, TIKA-1380c.patch, tika-commentstable-missing.diff
>
>
> All being well, in a week there'll be a new release of Apache POI available,
> 3.11 beta 1
> This issue is to track the upgrade, any required changes, and fixing any
> TODOs that this upgrade permits