This is an automated email from the ASF dual-hosted git repository. tallison pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/master by this push: new c802419 TIKA-2561 -- update jsoup version in grib parser to avoid xss vuln c802419 is described below commit c80241952fa2f515687c6479768d24d7e907653c Author: tballison <talli...@mitre.org> AuthorDate: Fri Feb 2 08:10:00 2018 -0500 TIKA-2561 -- update jsoup version in grib parser to avoid xss vuln --- tika-parsers/pom.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml index 5d85b70..85e9cd2 100644 --- a/tika-parsers/pom.xml +++ b/tika-parsers/pom.xml @@ -406,8 +406,19 @@ <groupId>edu.ucar</groupId> <artifactId>jj2000</artifactId> </exclusion> + <exclusion> + <groupId>org.jsoup</groupId> + <artifactId>jsoup</artifactId> + </exclusion> </exclusions> </dependency> + <!-- grib's current jsoup is vulnerable to xss + exclude and import a more modern version TIKA-2561--> + <dependency> + <groupId>org.jsoup</groupId> + <artifactId>jsoup</artifactId> + <version>1.11.2</version> + </dependency> <dependency> <groupId>edu.ucar</groupId> <artifactId>cdm</artifactId> -- To stop receiving notification emails like this one, please contact talli...@apache.org.