Hello, I am trying to build Tika 2.9.1 on my ubuntu 18.04 and I received this error:
[ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (audit-dependencies) on project tika-parser-nlp-module: Detected 1 vulnerable components: [ERROR] org.apache.uima:uimaj-core:jar:3.4.1:provided; https://ossindex.sonatype.org/component/pkg:maven/org.apache.uima/[email protected]?utm_source=3Dossindex-client&utm_medium=3Dintegration&utm_content3D1.8.1 [ERROR] * [CVE-2023-39913] CWE-20: Improper Input Validation (8.8); https://ossindex.sonatype.org/vulnerability/CVE-2023-39913?component-type=3Dmaven&component-name=3Dorg.apache.uima%2Fuimaj-core&utm_source=3Dossindex-client&utm_medium=3Dintegration&utm_content=3D1.8.1 [ERROR]=20 [ERROR] Excluded coordinates: [ERROR] - xerces:xercesImpl:2.12.2 I have however updated uimaj to version 3.5.0, but it looks like `mvn clean install` is not picking that up and keeps reporting that error, so I am wondering if I need to make other update to some config file or something… Idk, should I remove uimaj 3.4.1 from my system? I am now installing using `mvn clean install -Dossindex.skip`, but wanted to be sure that the new uimaj 3.5.0 version will be linked properly… Thank you, Simone
