You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tika.apache.org by ti...@apache.org on 2022/07/09 03:54:13 UTC

[tika] branch main updated: TIKA-3795: add exclusion for jetty-io

This is an automated email from the ASF dual-hosted git repository.

tilman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/main by this push:
     new 0f5570691 TIKA-3795: add exclusion for jetty-io
0f5570691 is described below

commit 0f5570691133c75ac4472c3340354a6c4080b104
Author: Tilman Hausherr <ti...@apache.org>
AuthorDate: Sat Jul 9 05:54:05 2022 +0200

    TIKA-3795: add exclusion for jetty-io
---
 tika-parent/pom.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index 69388e8c9..66cb2e556 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -828,6 +828,12 @@
               <artifactId>commons-dbcp</artifactId>
               <version>1.4</version>
             </exclude>
+            <exclude>
+              <!-- CVE-2022-2191 applies to jetty 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 -->
+              <groupId>org.eclipse.jetty</groupId>
+              <artifactId>jetty-io</artifactId>
+              <version>9.4.48.v20220622</version>
+            </exclude>
           </excludeCoordinates>
           <fail>true</fail>
         </configuration>