  1. Tika
  2. TIKA-2486

Upgrade metadata-extractor to 2.10.1

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.16
    • Fix Version/s: 1.17
    • Component/s: metadata
    • Labels:
      None

      Description

      ...because earlier versions reference xmpcore 5.1.2 which is affected by http://www.cvedetails.com/cve/CVE-2016-4216/

        Issue Links

          Activity

          tallison@mitre.org Tim Allison added a comment -

          Great. Thank you. Let me know if we do need to change anything in master.

          koga73 AJ Savino added a comment -

          Seeing as this ticket is marked resolved, it's probably already fixed in master. But the latest Tika release 1.16 references metadata-extractor 2.9.1, which has xmpcore 5.1.2 as a dependency.

          reschke Julian Reschke added a comment -

          > Failure to find com.adobe.granite:parent:pom:60"

          There are unfortunately two artefacts for com.adobe.xmp:xmpcore:jar:5.1.2, one for Adobe internal use, one public. The former has that reference. Clearing the M2 cache for com/adobe should fix this.

          tallison@mitre.org Tim Allison added a comment -

          AJ Savino, thank you for raising this. I'm not sure how 5.1.2 is getting pulled in. I don't see it at all when I run dependency:tree on master; I'm only seeing 5.1.3. Am I missing something?
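
An added example (not part of the ticket or of Tika's code): a Python check that scans `mvn dependency:tree` text output for the xmpcore version this ticket names as affected and reports the dependency chain that pulls it in. The sample tree, the `com.example` and `org.example` coordinates, and the helper name `find_affected` are constructed for illustration.

```python
import re

# Version the ticket names as affected by CVE-2016-4216; extend as needed.
AFFECTED = {"com.adobe.xmp:xmpcore": {"5.1.2"}}

# Constructed sample of `mvn dependency:tree` output (not taken from the ticket).
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0
[INFO] +- org.apache.tika:tika-parsers:jar:1.16:compile
[INFO] |  +- com.drewnoakes:metadata-extractor:jar:2.9.1:compile
[INFO] |  |  \\- com.adobe.xmp:xmpcore:jar:5.1.2:compile
[INFO] |  \\- org.example:other-lib:jar:1.0:compile
[INFO] \\- org.example:logging:jar:2.0:compile
"""

# Optional "[INFO] " prefix, 3-character indent units, "+- " or "\- " marker,
# then colon-separated Maven coordinates (the root line has no marker).
_NODE = re.compile(
    r"^(?:\[INFO\] )?((?:[| ]  )*)([+\\]- )?([\w.\-]+(?::[\w.\-]+){3,5})\s*$"
)


def find_affected(tree_text, affected=AFFECTED):
    """Return one record per affected artifact, with the chain that includes it."""
    path = []   # coordinates from the project root down to the current node
    hits = []
    for line in tree_text.splitlines():
        m = _NODE.match(line)
        if not m:
            continue  # plugin banners, build summary, blank lines
        indent, marker, coord = m.groups()
        depth = len(indent) // 3 + 1 if marker else 0
        del path[depth:]          # climb back up to this node's parent
        path.append(coord)
        if depth == 0:
            continue              # the project itself: group:artifact:type:version
        parts = coord.split(":")  # group:artifact:type[:classifier]:version:scope
        key, version = ":".join(parts[:2]), parts[-2]
        if version in affected.get(key, ()):
            hits.append({"artifact": key, "version": version, "via": path[1:-1]})
    return hits


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_TREE):
        print(hit["artifact"], hit["version"], "<-", " <- ".join(reversed(hit["via"])))
```

The parser reads the default (non-verbose) tree format only; conflict-resolution annotations printed in verbose mode are skipped.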

          koga73 AJ Savino added a comment -

          +1
          Maven build is failing:
          "Failed to read artifact descriptor for com.adobe.xmp:xmpcore:jar:5.1.2: Failure to find com.adobe.granite:parent:pom:60"

          Adding com.adobe.xmp v5.1.3 dependency to my local pom fixed the issue. metadata-extractor 2.10.1 uses v5.1.3.

          hudson Hudson added a comment -

          FAILURE: Integrated in Jenkins build Tika-trunk #1389 (See https://builds.apache.org/job/Tika-trunk/1389/)
          TIKA-2486 upgrade metadata-extractor to avoid CVE in xmp-core to 2.10.1 (tallison: https://github.com/apache/tika/commit/1b48d73e41f6041c31ff396194ee37b5afceebae)

          • (edit) tika-parsers/src/test/java/org/apache/tika/parser/rtf/RTFParserTest.java
          • (edit) tika-parsers/pom.xml
          • (edit) CHANGES.txt

            People

            • Assignee:
              Unassigned
              Reporter:
              reschke Julian Reschke
            • Votes:
              0
              Watchers:
              4
