Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2887

Build fails with CVE warnings

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.21
    • 1.22
    • None

    • Win 10 64bit

      JDK 8

    • Important

    Description

      When running the initial build script it fails with two CVE warnings.

      [INFO] Apache Tika OSGi bundle 1.21 ....................... FAILURE [  9.932 s]

      [INFO] BUILD FAILURE

      [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.4:audit (audit-dependencies) on project tika-bundle: Detected 2 vulnerable components:
      [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
      [ERROR] * [CVE-2019-12086] Information Exposure (7.5); https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
      [ERROR] c3p0:c3p0:jar:0.9.1.1:compile; https://ossindex.sonatype.org/component/pkg:maven/c3p0/c3p0@0.9.1.1
      [ERROR] * [CVE-2019-5427] Resource Management Errors (7.5); https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. TIKA-2878 Update dependencies for 1.22

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              tcraig.alpha T Craig
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: