[
https://issues.apache.org/jira/browse/TIKA-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17044228#comment-17044228
]
Hudson commented on TIKA-2952:
------------------------------
SUCCESS: Integrated in Jenkins build tika-branch-1x #310 (See
[https://builds.apache.org/job/tika-branch-1x/310/])
TIKA-2952 -- Upgrade metadata-extractor to 2.13.0 (tallison:
[https://github.com/apache/tika/commit/2f5693541a7df99f9693837371bc43f51e46f702])
* (edit) tika-parsers/pom.xml
* (edit) CHANGES.txt
* (edit) tika-xmp/pom.xml
* (edit) tika-bundle/pom.xml
> Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.
> ---------------------------------------------------------------
>
> Key: TIKA-2952
> URL: https://issues.apache.org/jira/browse/TIKA-2952
> Project: Tika
> Issue Type: Bug
> Reporter: Aman Mishra
> Assignee: Tim Allison
> Priority: Major
> Fix For: 1.24
>
> Attachments: TIKA-2952_draft.patch
>
>
> We can see that metadata-extractor with version 2.11.0 is present in
> tika-bundle 1.22 jar. We can see that even latest metadata-extractor with
> version 2.12.0 is also vulnerable.
>
> So please confirm your side that "Is this vulnerability [CVE-2019-14262] is
> impacting to tika or not ?"
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
