You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Martijn Visser (Jira)" <ji...@apache.org> on 2023/04/14 12:40:00 UTC
[jira] [Comment Edited] (FLINK-31800) Update tika to current
[ https://issues.apache.org/jira/browse/FLINK-31800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712257#comment-17712257 ]
Martijn Visser edited comment on FLINK-31800 at 4/14/23 12:39 PM:
------------------------------------------------------------------
[~satanicmechanic] I would recommend to first check if this dependency is really bundled with Flink. When running a {{mvn dependency:tree}}, there's no occurrence of tika anywhere as a (transitive) dependency.
was (Author: martijnvisser):
[~satanicmechanic] I would recommend to first check if this dependency is really bundled with Flink. When running a {mvn dependency:tree}, there's no occurrence of tika anywhere as a (transitive) dependency.
> Update tika to current
> ----------------------
>
> Key: FLINK-31800
> URL: https://issues.apache.org/jira/browse/FLINK-31800
> Project: Flink
> Issue Type: Technical Debt
> Affects Versions: 1.17.0
> Reporter: Morey Straus
> Priority: Major
> Labels: security
>
> Multiple vulns in org.apache.tika:tika-core-1.28.1
> https://nvd.nist.gov/vuln/detail/CVE-2022-30126
> https://nvd.nist.gov/vuln/detail/CVE-2022-30973
> https://nvd.nist.gov/vuln/detail/CVE-2022-30126
> https://nvd.nist.gov/vuln/detail/CVE-2022-25169
--
This message was sent by Atlassian Jira
(v8.20.10#820010)