On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote:
> On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote:
> > please see http://seclists.org/oss-sec/2016/q2/413 for details.
> That link says:
> Versions Affected:
> Apache Tika 0.10 to 1.12
> So perhaps 1.5 isn't affected after all? I tried to find the relevant
> commit in the upstream git but failed :(
in 1.17 added a test case, so this might be related to changes in Xerces/J
which are possibly bundled by Tika downloads? Might be worth clarifying with
Tim Allison <talli...@apache.org>.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.