[jira] [Commented] (TIKA-2368) Clean up SentimentParser dependencies

Sun, 14 Oct 2018 01:14:40 -0700 


    [ 
https://issues.apache.org/jira/browse/TIKA-2368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16649290#comment-16649290
 ] 

Oleg Tikhonov commented on TIKA-2368:
-------------------------------------

{code:java}
[INFO] Apache Tika parent ................................. SUCCESS [ 21.607 s] 
[INFO] Apache Tika core ................................... SUCCESS [  1.692 s] 
[INFO] Apache Tika parsers ................................ SUCCESS [  7.597 s] 
[INFO] Apache Tika XMP .................................... SUCCESS [  3.818 s] 
[INFO] Apache Tika serialization .......................... SUCCESS [  1.064 s] 
[INFO] Apache Tika batch .................................. SUCCESS [  2.633 s] 
[INFO] Apache Tika language detection ..................... SUCCESS [  1.204 s] 
[INFO] Apache Tika application ............................ SUCCESS [  3.097 s] 
[INFO] Apache Tika OSGi bundle ............................ SUCCESS [  3.941 s] 
[INFO] Apache Tika translate .............................. SUCCESS [  1.443 s] 
[INFO] Apache Tika server ................................. SUCCESS [  5.369 s] 
[INFO] Apache Tika examples ............................... FAILURE [  4.380 s] 
[INFO] Apache Tika Java-7 Components ...................... SKIPPED [INFO] 
Apache Tika eval ................................... SKIPPED [INFO] Apache Tika 
Deep Learning (powered by DL4J) ........ SKIPPED [INFO] Apache Tika Natural 
Language Processing ............ SKIPPED [INFO] Apache Tika 
........................................ SKIPPED [INFO] 
------------------------------------------------------------------------ [INFO] 
BUILD FAILURE [INFO] 
------------------------------------------------------------------------ [INFO] 
Total time: 01:04 min [INFO] Finished at: 2018-10-14T11:07:24+03:00 [INFO] 
Final Memory: 33M/275M [INFO] 
------------------------------------------------------------------------ 
[ERROR] Failed to execute goal 
org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.1:audit (default-cli) on 
project tika-example: Detected 1 vulnerable components: [ERROR]   
org.springframework:spring-core:jar:3.2.16.RELEASE:compile; 
https://ossindex.sonatype.org/component/pkg:maven/org.springframework/[email protected]
 [ERROR]     * [CVE-2018-1270]  Improperly Implemented Security Check for 
Standard (9.8); 
https://ossindex.sonatype.org/vuln/9a3de118-b038-49ed-9af7-533210c9d85f [ERROR] 
    * [CVE-2018-1271]  Improper Limitation of a Pathname to a Restricted 
Directory ("Path Traversal") (5.9); 
https://ossindex.sonatype.org/vuln/580d61c3-20df-4bb8-99c3-36c89e0d7550 [ERROR] 
    * [CVE-2018-1272]  Permissions, Privileges, and Access Controls (7.5); 
https://ossindex.sonatype.org/vuln/aa7190e3-4c47-42d6-82f6-afaf1da5762e [ERROR] 
[ERROR] ->
{code}
I've upgraded spring-context to 4.3.19.RELEASE and is passed the scanning.

 

 

 

> Clean up SentimentParser dependencies
> -------------------------------------
>
>                 Key: TIKA-2368
>                 URL: https://issues.apache.org/jira/browse/TIKA-2368
>             Project: Tika
>          Issue Type: Improvement
>            Reporter: Tim Allison
>            Priority: Blocker
>
> Is there any way to avoid reliance on edu.usc.ir's sentiment-analysis-parser? 
>  I ask because:
> {noformat}
> [WARNING] sentiment-analysis-parser-0.1.jar, tika-parsers-1.15-SNAPSHOT.jar 
> define 1 overlapping classes: 
> [WARNING]   - org.apache.tika.parser.sentiment.analysis.SentimentParser
> [WARNING] tika-core-1.15-SNAPSHOT.jar, tika-translate-1.15-SNAPSHOT.jar 
> define 4 overlapping classes: 
> [WARNING]   - org.apache.tika.language.translate.DefaultTranslator$1
> [WARNING]   - org.apache.tika.language.translate.EmptyTranslator
> [WARNING]   - org.apache.tika.language.translate.DefaultTranslator
> [WARNING]   - org.apache.tika.language.translate.Translator
> {noformat}
> We should be ok keeping things as they are and excluding SentimentParser and 
> tika-translate, but can we easily move the code that's still in edu.usc.ir's 
> package into Tika?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to