[ https://issues.apache.org/jira/browse/TIKA-4236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834280#comment-17834280 ]
Julian Reschke commented on TIKA-4236: -------------------------------------- AFAIU, 1.x might get updates when security relevant, no? Right now this shows up as vulnerability at https://mvnrepository.com/artifact/org.apache.tika/tika-parsers/1.28.5 I'm not saying this mandates a release, but should a release ever be made, it would be good to include this. (and yes, coming from a project which painted itself into a corner, having a hard time to upgrade) > tika-parser-nlp-module has an unnecessary Guava dependency > ---------------------------------------------------------- > > Key: TIKA-4236 > URL: https://issues.apache.org/jira/browse/TIKA-4236 > Project: Tika > Issue Type: Bug > Components: parser > Affects Versions: 1.28.5, 3.0.0-BETA, 2.9.2 > Reporter: Manfred Baedke > Priority: Major > > This should be avoided, because it's prone to maintenance and security > problems. > It's easy to get rid of it: the class > {{o.a.t.parser.geo.topic.gazetteer.GeoGazetteerClient}} uses > {{{}com.google.common.reflect.TypeToken{}}}. Since the project uses gson > anyway, it could just be replaced with > {{{}com.google.gson.reflect.TypeToken{}}}. -- This message was sent by Atlassian Jira (v8.20.10#820010)