You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "Tim Allison (JIRA)" <ji...@apache.org> on 2019/06/04 14:59:00 UTC

[jira] [Resolved] (TIKA-2887) Build fails with CVE warnings

     [ https://issues.apache.org/jira/browse/TIKA-2887?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Allison resolved TIKA-2887.
-------------------------------
       Resolution: Duplicate
    Fix Version/s: 1.22

Thank you for raising this.  Those were fixed in branch_1x and master shortly after the 1.21 release.

> Build fails with CVE warnings
> -----------------------------
>
>                 Key: TIKA-2887
>                 URL: https://issues.apache.org/jira/browse/TIKA-2887
>             Project: Tika
>          Issue Type: Bug
>    Affects Versions: 1.21
>         Environment: Win 10 64bit
> JDK 8
>            Reporter: T Craig
>            Priority: Major
>              Labels: newbie, security, windows
>             Fix For: 1.22
>
>
> When running the initial build script it fails with two CVE warnings.
> [INFO] Apache Tika OSGi bundle 1.21 ....................... FAILURE [  9.932 s]
> [INFO] BUILD FAILURE
> [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.4:audit (audit-dependencies) on project tika-bundle: Detected 2 vulnerable components:
> [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> [ERROR] * [CVE-2019-12086] Information Exposure (7.5); https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
> [ERROR] c3p0:c3p0:jar:0.9.1.1:compile; https://ossindex.sonatype.org/component/pkg:maven/c3p0/c3p0@0.9.1.1
> [ERROR] * [CVE-2019-5427] Resource Management Errors (7.5); https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)