Chris Dressen created TIKA-3375:
-----------------------------------
Summary: Release new version
Key: TIKA-3375
URL: https://issues.apache.org/jira/browse/TIKA-3375
Project: Tika
Issue Type: Wish
Reporter: Chris Dressen
Hello,
It seems that Tika v1.26 is using apache cxf 3.4.2. It was discovered somewhat
recently that there is a vulnerability in that particular library and a fix has
been made in 3.4.3. See CVE-2021-22696 for more details.
It looks like there is already a fix in the main branch performed in the
following commit:
[https://github.com/apache/tika/commit/cacde72bb5dea1c4dd6de1e796ced32b8708fa57]
Is it possible to get Tika v1.27 released so this vulnerability can be
mitigated?
Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
