[
https://issues.apache.org/jira/browse/TIKA-4532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033804#comment-18033804
]
Tilman Hausherr edited comment on TIKA-4532 at 10/29/25 12:00 PM:
------------------------------------------------------------------
"only a few" = 41 files
and the dependency is updated regularly so I don't see the problem?!
And the currently released version uses 3.18 which is still safe.
was (Author: tilman):
"only a few" = 41 files
and the dependency is updated regularly so I don't see the problem?!
> Drop commons-lang3 dependency
> -----------------------------
>
> Key: TIKA-4532
> URL: https://issues.apache.org/jira/browse/TIKA-4532
> Project: Tika
> Issue Type: Improvement
> Affects Versions: 3.2.3
> Reporter: Vladimir Sitnikov
> Priority: Major
>
> Currently, there are only a few commons-lang3 usages in apache tika (see
> https://github.com/search?q=repo%3Aapache%2Ftika%20commons.lang3&type=code ),
> and it would be great if
> commons-lang3 is a big dependency with lots of stuff, and it is unfortunate
> to get CVEs via commons-lang3:
> https://mvnrepository.com/artifact/org.apache.commons/commons-lang3
> See https://github.com/apache/maven-doxia/issues/1006
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
