Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-932

Upgrade to Commons Compress 1.4.1

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2
    • Component/s: parser
    • Labels:

      Description

      There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions up to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.

      Tika already has higher-level features (ForkParser, etc.) for dealing with problems like this, but it would in any case be good to upgrade our Commons Compress dependency to the new 1.4.1 release that fixes the vulnerability.

        Attachments

          Activity

            People

            • Assignee:
              jukkaz Jukka Zitting
              Reporter:
              jukkaz Jukka Zitting
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: