This is an automated email from the ASF dual-hosted git repository. tallison pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tika.git
commit 1939d30047733897e635e457dde0a6cad8cfd7dd Author: tallison <talli...@apache.org> AuthorDate: Mon Oct 28 11:30:14 2019 -0400 TIKA-2925 -- bump quartz-scheduler to avoid cve --- tika-parsers/pom.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml index f0fb80b..f3ee26d 100644 --- a/tika-parsers/pom.xml +++ b/tika-parsers/pom.xml @@ -585,8 +585,18 @@ <groupId>c3p0</groupId> <artifactId>c3p0</artifactId> </exclusion> + <exclusion> + <groupId>org.quartz-scheduler</groupId> + <artifactId>quartz</artifactId> + </exclusion> </exclusions> </dependency> + <!--needs to be bumped for xml vulnerability --> + <dependency> + <groupId>org.quartz-scheduler</groupId> + <artifactId>quartz</artifactId> + <version>2.3.2</version> + </dependency> <!-- needs to be excluded and version bumped to avoid billion laughs vuln --> <dependency>