Description
uimafit-core brings spring-core, spring-beans and spring-context with quite ancient version 3.2.x which is not required for parsing and usually clash with actual Spring libs or just pollutes jar if uberjar (shade plugin, onejar, assembly plugin with jar-with-dependencies etc) is used.
Its exclusion from deps seems more or less safe to me. But formally it can be seen as breaking change if someone depends on that tika-parsers provides spring libs transitively.
Attachments
Issue Links
- supercedes
-
TIKA-2716 Sonatype Nexus auditor is reporting that spring framework vesrion used by Tika 1.18 is vulnerable
- Closed