Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2699

Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.17, 1.18
    • Fix Version/s: 1.19
    • Component/s: None
    • Labels:

      Description

      Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika.

      Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352

      The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 or later (1.58, 1.59, 1.60).

      Can you please upgrade Bouncy castle to a non vulnerable version?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                arajwade Abhijit Rajwade
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: