[
https://issues.apache.org/jira/browse/TIKA-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Allison resolved TIKA-3230.
-------------------------------
Fix Version/s: 1.25
Resolution: Fixed
> Upgrade junit and turn off ossindex warning
> -------------------------------------------
>
> Key: TIKA-3230
> URL: https://issues.apache.org/jira/browse/TIKA-3230
> Project: Tika
> Issue Type: Task
> Reporter: Tim Allison
> Assignee: Tim Allison
> Priority: Trivial
> Fix For: 1.25
>
>
> We're now getting this warning:
> {noformat}
> Detected 1 vulnerable components:
> junit:junit:jar:4.13:test;
> https://ossindex.sonatype.org/component/pkg:maven/junit/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
> * [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test
> rule TemporaryFolder cont... (5.5);
> https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
> {noformat}
> I continued to get that warning even after upgrading to 4.13.1, even though,
> CVE-2020-15250 says that 4.13.1 fixes the problem.
> (https://nvd.nist.gov/vuln/detail/CVE-2020-15250)
> So, when we upgrade, we should also configure ossindex to stop complaining
> about 4.13.1.
> Will take this later today.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
