If you bump cxf one version, then the complaints stop ;-) https://github.com/apache/tika/pull/316/commits/ee93e6d3d91bdfc40f838556c13698ea5c78e936
> On Apr 8, 2020, at 5:35 AM, Sergey Beryozkin <[email protected]> wrote: > > Hi Lewis > > Getting one of the latest releases should be fine; while I've been out of > touch with CXF recently, I can ask around for some version advice as the > guys deal with the security vulnerabilities seriously there, if addressing > this issue proves problematic > Cheers, Sergey > > On Tue, Apr 7, 2020 at 10:44 PM Lewis John McGibbney <[email protected]> > wrote: > >> I suspected this was the case folks :) >> I actually really like this idea. >> I'll take the action item to address this seeing as I pulled it up... >> seeing as I am also working on tika-server right now I'll also take the >> action item to address the vulnerable CXF deps. >> Thanks, >> Lewis >> >> On 2020/04/06 16:19:16, Tim Allison <[email protected]> wrote: >>>> We shouldn't have any at release time, but they will obviously creep in >>> between releases >>> >>> Except the time, where I did the release and was trying to build it for >>> updating the site, and this had already kicked in. :( >>> >>> Y, we can turn this to warn, as long as we run it with fail as part of >> the >>> release process. >>> >>> On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <[email protected]> wrote: >>> >>>> On Mon, 6 Apr 2020, Eric Pugh wrote: >>>>> Maybe this needs better documentation, however this is a “works as >>>>> designed” feature! >>>>> >>>>> To avoid the build failing, run mvn package -Dossindex.fail=false >>>> >>>> Should we maybe have this set to false by default, and only enabled >>>> on release builds? >>>> >>>> (We shouldn't have any at release time, but they will obviously creep >> in >>>> between releases) >>>> >>>> Nick >>> >> _______________________ Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw> This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
