You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/04/19 09:15:00 UTC

[jira] [Commented] (TIKA-2570) Tika 1.17 uses vulnerable Jackson version 2.9.2

    [ https://issues.apache.org/jira/browse/TIKA-2570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16443774#comment-16443774 ] 

ASF GitHub Bot commented on TIKA-2570:
--------------------------------------

cygri commented on issue #219: Fix for TIKA-2570 contributed by ewanmellor.
URL: https://github.com/apache/tika/pull/219#issuecomment-382667089
 
 
   Looks like 2.9.4 might have problems too, fixed in 2.9.5: https://nvd.nist.gov/vuln/detail/CVE-2018-7489

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Tika 1.17 uses vulnerable Jackson version 2.9.2
> -----------------------------------------------
>
>                 Key: TIKA-2570
>                 URL: https://issues.apache.org/jira/browse/TIKA-2570
>             Project: Tika
>          Issue Type: Task
>            Reporter: Julian Reschke
>            Priority: Minor
>             Fix For: 1.18, 2.0.0
>
>
> See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)