Description
Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika.
Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352
The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 or later (1.58, 1.59, 1.60).
Can you please upgrade Bouncy castle to a non vulnerable version?
Attachments
Issue Links
- is related to
-
TIKA-2692 Blanket upgrades in prep for 1.19
- Resolved