You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "Lau Brino (JIRA)" <ji...@apache.org> on 2012/10/01 14:25:08 UTC

[jira] [Commented] (TIKA-932) Upgrade to Commons Compress 1.4.1

    [ https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466756#comment-13466756 ] 

Lau Brino commented on TIKA-932:
--------------------------------

Hi, see page http://tika.apache.org/1.2/gettingstarted.html - there's still 1.3 version mentioned...
                
> Upgrade to Commons Compress 1.4.1
> ---------------------------------
>
>                 Key: TIKA-932
>                 URL: https://issues.apache.org/jira/browse/TIKA-932
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>              Labels: security
>             Fix For: 1.2
>
>
> There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions up to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.
> Tika already has higher-level features (ForkParser, etc.) for dealing with problems like this, but it would in any case be good to upgrade our Commons Compress dependency to the new 1.4.1 release that fixes the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira