[jira] [Closed] (TIKA-4183) Update jackson-databind jar to 2.16.0 or higher (CVE-2023-35116)

Tilman Hausherr (Jira) Mon, 22 Jan 2024 02:11:05 -0800


     [ 
https://issues.apache.org/jira/browse/TIKA-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tilman Hausherr closed TIKA-4183.
---------------------------------
    Resolution: Duplicate

duplicate of TIKA-4162, it was done there on 17.11.2023 in 
a8c3879a59a4a8ccb8522518a286ebef442c0f4c, the commits are all missing for some 
reason. It will be in 2.9.2. No, I don't know when this will be released.

> Update jackson-databind jar to 2.16.0 or higher (CVE-2023-35116)
> ----------------------------------------------------------------
>
>                 Key: TIKA-4183
>                 URL: https://issues.apache.org/jira/browse/TIKA-4183
>             Project: Tika
>          Issue Type: Bug
>    Affects Versions: 2.9.1
>            Reporter: Dhoka Pramod
>            Priority: Major
>
> Latest stable tika version 2.9.1 (in tika eval app) still has 
> jackson-databind-2.15.2.
> It needs to be updated to 2.16.0 or higher to address 
> [https://nvd.nist.gov/vuln/detail/CVE-2023-35116]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (TIKA-4183) Update jackson-databind jar to 2.16.0 or higher (CVE-2023-35116)

Reply via email to