You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Tim Allison (JIRA)" <ji...@apache.org> on 2019/01/07 17:36:00 UTC
[jira] [Commented] (TIKA-2808) Skip h2 1.4.197 in
ossindex-maven-plugin in tika-eval
[ https://issues.apache.org/jira/browse/TIKA-2808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736090#comment-16736090 ]
Tim Allison commented on TIKA-2808:
-----------------------------------
[~solomax], any recommendations for handling this differently?
> Skip h2 1.4.197 in ossindex-maven-plugin in tika-eval
> ------------------------------------------------------
>
> Key: TIKA-2808
> URL: https://issues.apache.org/jira/browse/TIKA-2808
> Project: Tika
> Issue Type: Improvement
> Reporter: Tim Allison
> Priority: Major
>
> The build is now failing because of two recently indexed vulnerabilities in h2 1.4.197, which is used by tika-eval. In reviewing at least one of the cves, it looks like versions before 1.4.197 are also vulnerable. There is no actual "fix version" available, afaict. For now, let's skip h2.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)