[jira] [Resolved] (TIKA-2699) Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika

Tim Allison (JIRA) Tue, 31 Jul 2018 03:42:16 -0700


     [ 
https://issues.apache.org/jira/browse/TIKA-2699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tim Allison resolved TIKA-2699.
-------------------------------
       Resolution: Duplicate
    Fix Version/s: 1.19

Just fixed this. Thank you!

> Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the 
> bouncy castle version used by Apache Tika
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: TIKA-2699
>                 URL: https://issues.apache.org/jira/browse/TIKA-2699
>             Project: Tika
>          Issue Type: Bug
>    Affects Versions: 1.17, 1.18
>            Reporter: Abhijit Rajwade
>            Priority: Major
>              Labels: security
>             Fix For: 1.19
>
>
> Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the 
> bouncy castle version used by Apache Tika.
> Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, 
> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352
> The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 
> or later (1.58, 1.59, 1.60).
> Can you please upgrade Bouncy castle to a non vulnerable version?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (TIKA-2699) Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika

Reply via email to