Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2020/11/18 14:55:00 UTC

[jira] [Updated] (TIKA-3230) Upgrade junit and turn off ossindex warning

     [ https://issues.apache.org/jira/browse/TIKA-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Allison updated TIKA-3230:
------------------------------
    Description: 
We're now getting this warning:
{noformat}
Detected 1 vulnerable components:
  junit:junit:jar:4.13:test; https://ossindex.sonatype.org/component/pkg:maven/junit/junit@4.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
    * [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder cont... (5.5); https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
{noformat}

I continued to get that warning even after upgrading to 4.13.1, even though CVE-2020-15250 says that 4.13.1 fixes the problem (https://nvd.nist.gov/vuln/detail/CVE-2020-15250).

So, when we upgrade, we should also configure ossindex to stop complaining about 4.13.1.

Will take this later today.

  was:
We're now getting this warning:
{{Detected 1 vulnerable components:
  junit:junit:jar:4.13:test; https://ossindex.sonatype.org/component/pkg:maven/junit/junit@4.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
    * [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder cont... (5.5); https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1

}}

I continued to get that warning even after upgrading to 4.13.1, even though CVE-2020-15250 says that 4.13.1 fixes the problem (https://nvd.nist.gov/vuln/detail/CVE-2020-15250).

So, when we upgrade, we should also configure ossindex to stop complaining about 4.13.1.

Will take this later today.


> Upgrade junit and turn off ossindex warning
> -------------------------------------------
>
>                 Key: TIKA-3230
>                 URL: https://issues.apache.org/jira/browse/TIKA-3230
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Assignee: Tim Allison
>            Priority: Trivial
>
> We're now getting this warning:
> {noformat}
> Detected 1 vulnerable components:
>   junit:junit:jar:4.13:test; https://ossindex.sonatype.org/component/pkg:maven/junit/junit@4.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
>     * [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder cont... (5.5); https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
> {noformat}
> I continued to get that warning even after upgrading to 4.13.1, even though CVE-2020-15250 says that 4.13.1 fixes the problem (https://nvd.nist.gov/vuln/detail/CVE-2020-15250).
> So, when we upgrade, we should also configure ossindex to stop complaining about 4.13.1.
> Will take this later today.


