Categorization: Unclassified Hi Tim: Thanks for the prompt response! It's good to know the fix is coming. Thanks, Fred
On 2022/11/01 18:32:31 Tim Allison wrote: > Looks like an update was released about 2 weeks ago. I wasn't aware of > that. I'll update it in main now. > > I'll check with the team on the dev list about our next release. > > Thank you for notifying us. > > On Tue, Nov 1, 2022 at 2:02 PM Kurz, Fred via user <[email protected]> > wrote: > > > *Categorization: Unclassified * > > > > Hi: > > > > > > > > I hope you can help, or forward this to someone who can. > > > > > > > > I am an IT Team Lead at the Canada Revenue Agency (CRA). We are currently > > on Tika 1.2x and wanted to upgrade to 2.4.1 but are being blocked by > > internal security policies because of the three CVEs impacting it. Version > > 2.5.0 still has one of the vulnerabilities (CVE-2022-42003) so we still > > can't upgrade to it either. > > > > > > > > When will CVE-2022-42003 be eliminated from Tika 2.5.x? > > > > > > > > Thank you, > > > > Fred Kurz > > > > > > > > > > >
