[
https://issues.apache.org/jira/browse/TIKA-3375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17334811#comment-17334811
]
Tim Allison commented on TIKA-3375:
-----------------------------------
We have a handful of other items inclining me towards a 1.27 release
soonish...that said, I think we're probably 2-3 weeks out at the earliest to
start the process.
What do fellow devs think?
> Release new version
> -------------------
>
> Key: TIKA-3375
> URL: https://issues.apache.org/jira/browse/TIKA-3375
> Project: Tika
> Issue Type: Wish
> Reporter: Chris Dressen
> Priority: Major
>
> Hello,
> It seems that Tika v1.26 is using apache cxf 3.4.2. It was discovered
> somewhat recently that there is a vulnerability in that particular library
> and a fix has been made in 3.4.3. See CVE-2021-22696 for more details.
> It looks like there is already a fix in the main branch performed in the
> following commit:
> [https://github.com/apache/tika/commit/cacde72bb5dea1c4dd6de1e796ced32b8708fa57]
> Is it possible to get Tika v1.27 released so this vulnerability can be
> mitigated?
> Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
