Details
Description
When running the initial build script it fails with two CVE warnings.
[INFO] Apache Tika OSGi bundle 1.21 ....................... FAILURE [ 9.932 s]
[INFO] BUILD FAILURE
[ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.4:audit (audit-dependencies) on project tika-bundle: Detected 2 vulnerable components:
[ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
[ERROR] * [CVE-2019-12086] Information Exposure (7.5); https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
[ERROR] c3p0:c3p0:jar:0.9.1.1:compile; https://ossindex.sonatype.org/component/pkg:maven/c3p0/c3p0@0.9.1.1
[ERROR] * [CVE-2019-5427] Resource Management Errors (7.5); https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56
Attachments
Issue Links
- duplicates
-
TIKA-2878 Update dependencies for 1.22
- Open