[
https://issues.apache.org/jira/browse/TIKA-3488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17455320#comment-17455320
]
Hudson commented on TIKA-3488:
------------------------------
FAILURE: Integrated in Jenkins build Tika ยป tika-main-jdk8 #376 (See
[https://ci-builds.apache.org/job/Tika/job/tika-main-jdk8/376/])
TIKA-3488 -- update jdom2 (tallison:
[https://github.com/apache/tika/commit/70280c3c759706a2b8a2eb1f13c63a5d51475aaa])
* (edit) tika-parsers/tika-parsers-ml/tika-parser-nlp-module/pom.xml
* (edit) tika-parent/pom.xml
> Security issue XXE in TIKA due to JDOM
> --------------------------------------
>
> Key: TIKA-3488
> URL: https://issues.apache.org/jira/browse/TIKA-3488
> Project: Tika
> Issue Type: Task
> Components: tika-server
> Affects Versions: 1.25
> Reporter: Arvind Jagtap
> Priority: Major
>
> Apache TIKA 1.35 is vulnerable due to dependency on JDOM 2.0.6. Black Duck
> Hub has reported this vulnerability CVE-2021-33813 with more detail on the
> following page.
> [https://nvd.nist.gov/vuln/detail/CVE-2021-33813#range-6782705]
> Although the following issue is entered, it is not yet fixed and there is no
> timeline given.
> https://github.com/hunterhacker/jdom/issues/189
> There are some workaround discussed on this issue. Can this be fixed in TIKA
> in the meanwhile?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
