You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Abhijit Rajwade (JIRA)" <ji...@apache.org> on 2018/07/31 10:22:00 UTC
[jira] [Created] (TIKA-2699) Security: Sonatype Nexus scan is
reporting multiple vulnearbilities on the bouncy castle version used by
Apache Tika
Abhijit Rajwade created TIKA-2699:
-------------------------------------
Summary: Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika
Key: TIKA-2699
URL: https://issues.apache.org/jira/browse/TIKA-2699
Project: Tika
Issue Type: Bug
Affects Versions: 1.18, 1.17
Reporter: Abhijit Rajwade
Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika.
Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352
The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 or later (1.58, 1.59, 1.60).
Can you please upgrade Bouncy castle to a non vulnerable version?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)