On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote:
> On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote:
> > please see http://seclists.org/oss-sec/2016/q2/413  for details.
> 
> That link says:
>   Versions Affected: 
>   Apache Tika 0.10 to 1.12
> 
> So perhaps 1.5 isn't affected after all? I tried to find the relevant
> commit in the upstream git but failed :(

Commit 
https://github.com/apache/tika/commit/f444fd784b99b181cd7bd54cdec9fbd132b4ef93
in 1.17 added a test case, so this might be related to changes in Xerces/J
which are possibly bundled by Tika downloads? Might be worth clarifying with
Tim Allison <talli...@apache.org>.

Cheers,
        Moritz

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to