Tim Allison commented on TIKA-2561:

This is helpful.  It boggles my imagination that this could be a problem for 
the grib parser in our context, but I've had failures of imagination before, 
and it is better to include deps that don't have known vulns in case another 
parser winds up pulling it in or in case my imagination fails :).  Upgrade 
made.  Thank you!

> Tika Parser includes oudated/vulnerable version of JSoup
> --------------------------------------------------------
>                 Key: TIKA-2561
>                 URL: https://issues.apache.org/jira/browse/TIKA-2561
>             Project: Tika
>          Issue Type: Bug
>          Components: parser
>    Affects Versions: 1.17
>            Reporter: Asela
>            Priority: Major
> org.apache.tika:tika-parsers:1.17 pulls in dependency JSoup 1.7.2.
> JSoup versions older than 1.8.3 have a vulnerability in parsing.
> https://nvd.nist.gov/vuln/detail/CVE-2015-6748

This message was sent by Atlassian JIRA

Reply via email to