[
https://issues.apache.org/jira/browse/TIKA-3375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17334847#comment-17334847
]
Kenneth William Krugler commented on TIKA-3375:
-----------------------------------------------
Yes. And I think it's best to have release discussions on the mailing list(s) :)
> Release new version
> -------------------
>
> Key: TIKA-3375
> URL: https://issues.apache.org/jira/browse/TIKA-3375
> Project: Tika
> Issue Type: Wish
> Reporter: Chris Dressen
> Priority: Major
>
> Hello,
> It seems that Tika v1.26 is using apache cxf 3.4.2. It was discovered
> somewhat recently that there is a vulnerability in that particular library
> and a fix has been made in 3.4.3. See CVE-2021-22696 for more details.
> It looks like there is already a fix in the main branch performed in the
> following commit:
> [https://github.com/apache/tika/commit/cacde72bb5dea1c4dd6de1e796ced32b8708fa57]
> Is it possible to get Tika v1.27 released so this vulnerability can be
> mitigated?
> Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
