[
https://issues.apache.org/jira/browse/TIKA-4236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834280#comment-17834280
]
Julian Reschke commented on TIKA-4236:
--------------------------------------
AFAIU, 1.x might get updates when security relevant, no? Right now this shows
up as vulnerability at
https://mvnrepository.com/artifact/org.apache.tika/tika-parsers/1.28.5
I'm not saying this mandates a release, but should a release ever be made, it
would be good to include this.
(and yes, coming from a project which painted itself into a corner, having a
hard time to upgrade)
> tika-parser-nlp-module has an unnecessary Guava dependency
> ----------------------------------------------------------
>
> Key: TIKA-4236
> URL: https://issues.apache.org/jira/browse/TIKA-4236
> Project: Tika
> Issue Type: Bug
> Components: parser
> Affects Versions: 1.28.5, 3.0.0-BETA, 2.9.2
> Reporter: Manfred Baedke
> Priority: Major
>
> This should be avoided, because it's prone to maintenance and security
> problems.
> It's easy to get rid of it: the class
> {{o.a.t.parser.geo.topic.gazetteer.GeoGazetteerClient}} uses
> {{{}com.google.common.reflect.TypeToken{}}}. Since the project uses gson
> anyway, it could just be replaced with
> {{{}com.google.gson.reflect.TypeToken{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
