[jira] [Created] (TIKA-2699) Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika

Abhijit Rajwade (JIRA) Tue, 31 Jul 2018 03:22:46 -0700

Abhijit Rajwade created TIKA-2699:
-------------------------------------

             Summary: Security: Sonatype Nexus scan is reporting multiple 
vulnearbilities on the bouncy castle version used by Apache Tika
                 Key: TIKA-2699
                 URL: https://issues.apache.org/jira/browse/TIKA-2699
             Project: Tika
          Issue Type: Bug
    Affects Versions: 1.18, 1.17
            Reporter: Abhijit Rajwade



Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the 
bouncy castle version used by Apache Tika.

Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, 
CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352

The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 
or later (1.58, 1.59, 1.60).

Can you please upgrade Bouncy castle to a non vulnerable version?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (TIKA-2699) Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika

Reply via email to