[ https://issues.apache.org/jira/browse/TIKA-2570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16371946#comment-16371946 ]
ASF GitHub Bot commented on TIKA-2570: -------------------------------------- ewanmellor opened a new pull request #219: Fix for TIKA-2570 contributed by ewanmellor. URL: https://github.com/apache/tika/pull/219 Upgrade use of jackson to 2.9.4. Versions 2.9.2 and 2.9.3 allow unauthenticated remote code execution, labeled CVE-2017-17485. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Tika 1.17 uses vulnerable Jackson version 2.9.2 > ----------------------------------------------- > > Key: TIKA-2570 > URL: https://issues.apache.org/jira/browse/TIKA-2570 > Project: Tika > Issue Type: Task > Reporter: Julian Reschke > Priority: Minor > > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485 -- This message was sent by Atlassian JIRA (v7.6.3#76005)