[jira] [Commented] (TIKA-3084) Migrate mp4 parsing to sannies' fork

Mon, 13 Apr 2020 09:22:05 -0700 


    [ 
https://issues.apache.org/jira/browse/TIKA-3084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082453#comment-17082453
 ] 

Hudson commented on TIKA-3084:
------------------------------

SUCCESS: Integrated in Jenkins build tika-branch-1x #331 (See 
[https://builds.apache.org/job/tika-branch-1x/331/])
TIKA-3084 -- upgrade mp4 parser dependency (tallison: 
[https://github.com/apache/tika/commit/8e2eb05292bc35503a3d82a908c426854e23ac83])
* (delete) 
tika-parsers/src/main/java/org/apache/tika/parser/mp4/DirectFileReadDataSource.java
* (edit) tika-parsers/src/main/java/org/apache/tika/parser/mp4/MP4Parser.java
* (edit) 
tika-parsers/src/test/java/org/apache/tika/parser/mp4/MP4ParserTest.java
* (edit) tika-parsers/pom.xml


> Migrate mp4 parsing to sannies' fork
> ------------------------------------
>
>                 Key: TIKA-3084
>                 URL: https://issues.apache.org/jira/browse/TIKA-3084
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Assignee: Tim Allison
>            Priority: Major
>             Fix For: 1.24.1
>
>
> Our MP4 parser relies on googlecode's mp4parser.  This hasn't been updated in 
> a while (March 2017).   We can fairly seamlessly move to Sannies' fork, which 
> was last updated in Sept 2019.
> I looked into this migration a while ago, and sannies had fixed several 
> problems in the older parser, but it had introduced some new catastrophic 
> vulnerabilities.  Let's take a look now, and see where we are.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to