You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Tellier Benoit (JIRA)" <se...@james.apache.org> on 2019/01/02 04:28:00 UTC
[jira] [Updated] (JAMES-2634) Tika 1.19.x is vulnerable to
CVE-2017-17197
[ https://issues.apache.org/jira/browse/JAMES-2634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tellier Benoit updated JAMES-2634:
----------------------------------
Labels: documentation security (was: )
> Tika 1.19.x is vulnerable to CVE-2017-17197
> -------------------------------------------
>
> Key: JAMES-2634
> URL: https://issues.apache.org/jira/browse/JAMES-2634
> Project: James Server
> Issue Type: New Feature
> Reporter: Tellier Benoit
> Priority: Major
> Labels: documentation, security
>
> [CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser
> A carefully crafted or corrupt sqlite file can cause an infinite loop
> in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
> Thus we should recommend using Tika up version 1.20 in James documentation and rely on this version in our tests.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org