You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Martijn Visser (Jira)" <ji...@apache.org> on 2023/04/14 12:40:00 UTC

[jira] [Comment Edited] (FLINK-31800) Update tika to current

    [ https://issues.apache.org/jira/browse/FLINK-31800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712257#comment-17712257 ] 

Martijn Visser edited comment on FLINK-31800 at 4/14/23 12:39 PM:
------------------------------------------------------------------

[~satanicmechanic] I would recommend to first check if this dependency is really bundled with Flink. When running a {{mvn dependency:tree}}, there's no occurrence of tika anywhere as a (transitive) dependency. 


was (Author: martijnvisser):
[~satanicmechanic] I would recommend to first check if this dependency is really bundled with Flink. When running a {mvn dependency:tree}, there's no occurrence of tika anywhere as a (transitive) dependency. 

> Update tika to current
> ----------------------
>
>                 Key: FLINK-31800
>                 URL: https://issues.apache.org/jira/browse/FLINK-31800
>             Project: Flink
>          Issue Type: Technical Debt
>    Affects Versions: 1.17.0
>            Reporter: Morey Straus
>            Priority: Major
>              Labels: security
>
> Multiple vulns in org.apache.tika:tika-core-1.28.1
> https://nvd.nist.gov/vuln/detail/CVE-2022-30126
> https://nvd.nist.gov/vuln/detail/CVE-2022-30973
> https://nvd.nist.gov/vuln/detail/CVE-2022-30126
> https://nvd.nist.gov/vuln/detail/CVE-2022-25169



--
This message was sent by Atlassian Jira
(v8.20.10#820010)