[tika] 01/02: TIKA-2925 -- bump quartz-scheduler to avoid cve

tallison Mon, 28 Oct 2019 09:08:54 -0700

This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tika.git


commit 1939d30047733897e635e457dde0a6cad8cfd7dd
Author: tallison <talli...@apache.org>
AuthorDate: Mon Oct 28 11:30:14 2019 -0400

    TIKA-2925 -- bump quartz-scheduler to avoid cve
---
 tika-parsers/pom.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index f0fb80b..f3ee26d 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -585,8 +585,18 @@
           <groupId>c3p0</groupId>
           <artifactId>c3p0</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.quartz-scheduler</groupId>
+          <artifactId>quartz</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <!--needs to be bumped for xml vulnerability -->
+    <dependency>
+      <groupId>org.quartz-scheduler</groupId>
+      <artifactId>quartz</artifactId>
+      <version>2.3.2</version>
+    </dependency>
     <!-- needs to be excluded and version bumped
          to avoid billion laughs vuln -->
     <dependency>

[tika] 01/02: TIKA-2925 -- bump quartz-scheduler to avoid cve

Reply via email to