[
https://issues.apache.org/jira/browse/TIKA-3539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405350#comment-17405350
]
Tim Allison commented on TIKA-3539:
-----------------------------------
We've been tracking this and will release 1.27.1 and probably 2.1.1 as soon as
the fix is released.
The rome parser we're using for news feeds uses jdom, and I don't think there's
a way to switch it out easily. If there is, I'd be more than happy to get rid
of this dependency. Or, if there's an alternative to Rome...
> jdom 2.0.6 dependency in tika-parser-news-module has unfixed CVE
> ----------------------------------------------------------------
>
> Key: TIKA-3539
> URL: https://issues.apache.org/jira/browse/TIKA-3539
> Project: Tika
> Issue Type: Task
> Components: parser
> Affects Versions: 2.1.0
> Reporter: Julian Reschke
> Priority: Major
>
> Might be good to avoid the use of JDOM altogether.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
