You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2020/04/21 19:26:00 UTC

[jira] [Resolved] (TIKA-2953) Vulnerable "commons-compress : 1.18" is present in tika-bundle 1.22.

     [ https://issues.apache.org/jira/browse/TIKA-2953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Allison resolved TIKA-2953.
-------------------------------
    Fix Version/s: 1.23
       Resolution: Fixed

> Vulnerable "commons-compress : 1.18" is present in tika-bundle 1.22.	
> ---------------------------------------------------------------------
>
>                 Key: TIKA-2953
>                 URL: https://issues.apache.org/jira/browse/TIKA-2953
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Major
>             Fix For: 1.23
>
>
> We can see that commons-compress with version 1.18 is present in tika-bundle 1.22 jar. We can see that latest commons-compress with version 1.19 is not vulnerable.
>  
> So please confirm your side that "Is this vulnerability CVE-2019-12402 is impacting to tika or not ?"
> And can we upgrade this library (commons-compress : 1.18) to latest version 1.19 locally after downloading the source code of tika ? Is there any challenge for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)