[
https://issues.apache.org/jira/browse/TIKA-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17809670#comment-17809670
]
Tim Allison commented on TIKA-4183:
-----------------------------------
Speaking personally, I realize that
https://nvd.nist.gov/vuln/detail/CVE-2023-35116 sets off warnings among the
scanners. But realistically, as the authors of the library state, this is not
an issue generally, and I can't imagine how this would be an issue in Tika.
Again, personal opinion, this is not worth creating a release of 2.9.2.
If anyone disagrees, please let us know.
> Update jackson-databind jar to 2.16.0 or higher (CVE-2023-35116)
> ----------------------------------------------------------------
>
> Key: TIKA-4183
> URL: https://issues.apache.org/jira/browse/TIKA-4183
> Project: Tika
> Issue Type: Bug
> Affects Versions: 2.9.1
> Reporter: Dhoka Pramod
> Priority: Major
>
> Latest stable tika version 2.9.1 (in tika eval app) still has
> jackson-databind-2.15.2.
> It needs to be updated to 2.16.0 or higher to address
> [https://nvd.nist.gov/vuln/detail/CVE-2023-35116]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)