[TIKA-2561] Tika Parser includes oudated/vulnerable version of JSoup - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.17
Fix Version/s: 1.18, 2.0.0
Component/s: parser
Labels:
None

Description

org.apache.tika:tika-parsers:1.17 pulls in dependency JSoup 1.7.2.

JSoup versions older than 1.8.3 have a vulnerability in parsing.

https://nvd.nist.gov/vuln/detail/CVE-2015-6748

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Asela

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 31/Jan/18 22:28

Updated:: 12/Apr/21 13:01

Resolved:: 02/Feb/18 13:21