You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2021/08/26 16:32:00 UTC
[jira] [Commented] (TIKA-3539) jdom 2.0.6 dependency in
tika-parser-news-module has unfixed CVE
[ https://issues.apache.org/jira/browse/TIKA-3539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405350#comment-17405350 ]
Tim Allison commented on TIKA-3539:
-----------------------------------
We've been tracking this and will release 1.27.1 and probably 2.1.1 as soon as the fix is released.
The rome parser we're using for news feeds uses jdom, and I don't think there's a way to switch it out easily. If there is, I'd be more than happy to get rid of this dependency. Or, if there's an alternative to Rome...
> jdom 2.0.6 dependency in tika-parser-news-module has unfixed CVE
> ----------------------------------------------------------------
>
> Key: TIKA-3539
> URL: https://issues.apache.org/jira/browse/TIKA-3539
> Project: Tika
> Issue Type: Task
> Components: parser
> Affects Versions: 2.1.0
> Reporter: Julian Reschke
> Priority: Major
>
> Might be good to avoid the use of JDOM altogether.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)