[TIKA-932] Upgrade to Commons Compress 1.4.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2
Component/s: parser
Labels:
- security

Description

There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions up to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.

Tika already has higher-level features (ForkParser, etc.) for dealing with problems like this, but it would in any case be good to upgrade our Commons Compress dependency to the new 1.4.1 release that fixes the vulnerability.

Attachments

Activity

People

Assignee:: Jukka Zitting

Reporter:: Jukka Zitting

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/May/12 14:57

Updated:: 01/Oct/12 12:23

Resolved:: 29/Jun/12 21:21