Hi, I have a question regarding CVE-2022-30126 as announced in [0]. Could you point me to the commit that fixes the CVE in Version 1.28.2? I only found [1], which is only available in 2.4.0, which is why I was wondering if that is the right fix.
Thank you very much! Kind regards, Cathy Hu [0] https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4 [1] https://github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4 -- Cathy Hu <[email protected]> Security Engineer GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nürnberg Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)
signature.asc
Description: This is a digitally signed message part
