Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2021/08/26 16:32:00 UTC

[jira] [Commented] (TIKA-3539) jdom 2.0.6 dependency in tika-parser-news-module has unfixed CVE

    [ https://issues.apache.org/jira/browse/TIKA-3539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405350#comment-17405350 ] 

Tim Allison commented on TIKA-3539:
-----------------------------------

We've been tracking this and will release 1.27.1 and probably 2.1.1 as soon as the fix is released.

The Rome parser we're using for news feeds uses jdom, and I don't think there's a way to switch it out easily.  If there is, I'd be more than happy to get rid of this dependency.  Or, if there's an alternative to Rome...


> jdom 2.0.6 dependency in tika-parser-news-module has unfixed CVE
> ----------------------------------------------------------------
>
>                 Key: TIKA-3539
>                 URL: https://issues.apache.org/jira/browse/TIKA-3539
>             Project: Tika
>          Issue Type: Task
>          Components: parser
>    Affects Versions: 2.1.0
>            Reporter: Julian Reschke
>            Priority: Major
>
> Might be good to avoid the use of JDOM altogether.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)