[jira] [Created] (TIKA-3491) Upgrade version for TPS: commons-compress to 1.21 in tika-bundle

Shubhangi Raut (Jira) Thu, 22 Jul 2021 00:34:11 -0700

Shubhangi Raut created TIKA-3491:
------------------------------------

             Summary: Upgrade version for TPS: commons-compress to 1.21 in 
tika-bundle
                 Key: TIKA-3491
                 URL: https://issues.apache.org/jira/browse/TIKA-3491
             Project: Tika
          Issue Type: Bug
    Affects Versions: 1.27
            Reporter: Shubhangi Raut



tika-bundle-1.27 uses commons-compress-1.20.

There are following vulnerabilities reported in commons-compress-1.20 as per 
National Vulnerability Database:
 1. 
[CVE-2021-35515|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515] 
 2. 
[CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516] 
 3. 
[CVE-2021-35517|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517]
 4. 
[CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]

commons-compress-1.21 is non-vulnerable version. Please consider upgrading to 
it in the next release.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (TIKA-3491) Upgrade version for TPS: commons-compress to 1.21 in tika-bundle

Reply via email to