Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2699

Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.17, 1.18
    • 1.19
    • None

    Description

      Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika.

      Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352

      The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 or later (1.58, 1.59, 1.60).

      Can you please upgrade Bouncy castle to a non vulnerable version?

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. TIKA-2692 Blanket upgrades in prep for 1.19

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              arajwade Abhijit Rajwade
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: