Posted to commits@tika.apache.org by ta...@apache.org on 2018/02/02 13:17:54 UTC
[tika] branch branch_1x updated: TIKA-2561 upgrade jsoup to avoid
potential xss vuln in grib
This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch branch_1x
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/branch_1x by this push:
new 32cbe38 TIKA-2561 upgrade jsoup to avoid potential xss vuln in grib
32cbe38 is described below
commit 32cbe382e7744de5ce32b812f2546f2d5625510b
Author: tballison <ta...@mitre.org>
AuthorDate: Fri Feb 2 08:17:44 2018 -0500
TIKA-2561 upgrade jsoup to avoid potential xss vuln in grib
---
tika-parsers/pom.xml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index 14f46b4..cae337c 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -406,9 +406,19 @@
<groupId>edu.ucar</groupId>
<artifactId>jj2000</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!-- grib's current jsoup is vulnerable to xss
+ exclude and import a more modern version TIKA-2561-->
<dependency>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ <version>1.11.2</version>
+ </dependency> <dependency>
<groupId>edu.ucar</groupId>
<artifactId>cdm</artifactId>
<version>${netcdf-java.version}</version>
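Review bot: The added jsoup dependency hard-codes `<version>1.11.2</version>`, while the neighbouring cdm dependency takes its version from `${netcdf-java.version}`; consider moving the jsoup version into a property or a dependencyManagement entry so the pin is declared once and is easy to bump. The added comment says grib's jsoup is vulnerable but does not say which version grib pulls in, so recording that would let a later maintainer tell when the exclusion and the override can be dropped. As a style point, the added line `</dependency> <dependency>` puts a closing and an opening tag on one line; splitting them would match the surrounding layout. Running `mvn dependency:tree -Dincludes=org.jsoup` on tika-parsers after this change would confirm that only 1.11.2 is resolved.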
--
To stop receiving notification emails like this one, please contact
tallison@apache.org.