[jira] [Commented] (TIKA-2570) Tika 1.17 uses vulnerable Jackson version 2.9.2

ASF GitHub Bot (JIRA) Wed, 21 Feb 2018 12:44:19 -0800

    [ 
https://issues.apache.org/jira/browse/TIKA-2570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16371946#comment-16371946
 ]


ASF GitHub Bot commented on TIKA-2570:
--------------------------------------

ewanmellor opened a new pull request #219: Fix for TIKA-2570 contributed by 
ewanmellor.
URL: https://github.com/apache/tika/pull/219
 
 
   Upgrade use of jackson to 2.9.4.  Versions 2.9.2 and 2.9.3 allow
   unauthenticated remote code execution, labeled CVE-2017-17485.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Tika 1.17 uses vulnerable Jackson version 2.9.2
> -----------------------------------------------
>
>                 Key: TIKA-2570
>                 URL: https://issues.apache.org/jira/browse/TIKA-2570
>             Project: Tika
>          Issue Type: Task
>            Reporter: Julian Reschke
>            Priority: Minor
>
> See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (TIKA-2570) Tika 1.17 uses vulnerable Jackson version 2.9.2

Reply via email to