[jira] [Comment Edited] (TIKA-2504) Upgrade or remove plexus-utils

Tim Allison (JIRA) Tue, 14 Nov 2017 08:00:15 -0800

    [ 
https://issues.apache.org/jira/browse/TIKA-2504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249871#comment-16249871
 ]


Tim Allison edited comment on TIKA-2504 at 11/14/17 3:59 PM:
-------------------------------------------------------------

[~lfcnassif] or [~gagravarr], vfs2 is an optional dependency for the RARParser. 
The version of vfs2 that is optional is bringing along the vulnerable 
plexus-utils.  Do we need vfs2 at all?  If we do can we exclude it from junrar, 
and then add back 2.2, which doesn't require plexus-utils?


was (Author: talli...@mitre.org):
[~lfcnassif] or [~gagravarr], vfs2 is an optional dependency for the RARParser. 
The version of vfs2 that is optional is bringing along the vulnerable 
plexus-utils.  Do we need vfs2 at all?  If we do can we exclude from junrar, 
and then add back 2.2, which doesn't require plexus-utils?

> Upgrade or remove plexus-utils
> ------------------------------
>
>                 Key: TIKA-2504
>                 URL: https://issues.apache.org/jira/browse/TIKA-2504
>             Project: Tika
>          Issue Type: Sub-task
>            Reporter: Tim Allison
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (TIKA-2504) Upgrade or remove plexus-utils

Reply via email to