[jira] [Commented] (OFBIZ-10826) Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)

Deepak Dixit (JIRA) Wed, 30 Jan 2019 03:46:30 -0800


    [ 
https://issues.apache.org/jira/browse/OFBIZ-10826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16756010#comment-16756010
 ]


Deepak Dixit commented on OFBIZ-10826:
--------------------------------------

This has been fixed in R17.12 framework at r#1852517

If we want to backport this to 16.11, we need to update apache poi to atleast 
3.17

> Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)
> ----------------------------------------------------------
>
>                 Key: OFBIZ-10826
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10826
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk, 17.12.01, 16.11.05, 18.12.01
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>
> Need to upgrade Apache tika to 1.20.
> Here are the several security vulnerabilities reported for Apache Tika 
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=%22Apache%20tika%22



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OFBIZ-10826) Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)

Reply via email to