Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2878

Update dependencies for 1.22

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      And in the category of "stuff you can't make up"...while generating the javadocs for the 1.21 release:

      We're now getting this inĀ tika-parsers:

        c3p0:c3p0:jar:0.9.1.1:compile; https://ossindex.sonatype.org/component/pkg:maven/c3p0/c3p0@0.9.1.1
    * [CVE-2019-5427]  Resource Management Errors (7.5); https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56

      and in tika-server:

          * [CVE-2019-10247]  Information Exposure (5.3); https://ossindex.sonatype.org/vuln/47ad4d7e-b9c3-414f-9bfa-1dfaa92b0aba
    * [CVE-2019-10241]  Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") (6.1); https://ossindex.sonatype.org/vuln/970aece8-4a1d-4a9e-ab97-0982b13dac4d
  org.eclipse.jetty:jetty-server:jar:9.4.14.v20181114:compile; https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.14.v20181114
    * [CVE-2019-10247]  Information Exposure (5.3); https://ossindex.sonatype.org/vuln/47ad4d7e-b9c3-414f-9bfa-1dfaa92b0aba
    * [CVE-2019-10241]  Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") (6.1); https://ossindex.sonatype.org/vuln/970aece8-4a1d-4a9e-ab97-0982b13dac4d

      Attachments

        1. dependency_tree.txt
          124 kB
          Tim Allison
        2. dependency-check-report.html
          900 kB
          Tim Allison
        3. pom.xml
          4 kB
          Tilman Hausherr

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. TIKA-2885 Vulnerabilities in tika

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. TIKA-2887 Build fails with CVE warnings

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. TIKA-2907 Blanket dependency upgrades for next release cycle (1.22)

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              tallison Tim Allison
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: