Posted to commits@tika.apache.org by ta...@apache.org on 2018/02/02 13:10:13 UTC
[tika] branch master updated: TIKA-2561 -- update jsoup version in grib parser to avoid xss vuln
This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/master by this push:
new c802419 TIKA-2561 -- update jsoup version in grib parser to avoid xss vuln
c802419 is described below
commit c80241952fa2f515687c6479768d24d7e907653c
Author: tballison <ta...@mitre.org>
AuthorDate: Fri Feb 2 08:10:00 2018 -0500
TIKA-2561 -- update jsoup version in grib parser to avoid xss vuln
---
tika-parsers/pom.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index 5d85b70..85e9cd2 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -406,8 +406,19 @@
<groupId>edu.ucar</groupId>
<artifactId>jj2000</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!-- grib's current jsoup is vulnerable to xss
+ exclude and import a more modern version TIKA-2561-->
+ <dependency>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ <version>1.11.2</version>
+ </dependency>
<dependency>
<groupId>edu.ucar</groupId>
<artifactId>cdm</artifactId>
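Review bot: The `<version>1.11.2</version>` on the new jsoup dependency is hard-coded in this module's pom, and the comment above it names neither the jsoup version that grib brings in nor the advisory behind the XSS, so a later reader cannot tell when the exclusion and pin can be dropped. Consider moving the version into a property or a `<dependencyManagement>` entry so every module resolves the same jsoup, and record the affected version or advisory reference in the comment next to TIKA-2561. Because the `edu.ucar:cdm` dependency that follows has no matching exclusion, it is also worth confirming with `mvn dependency:tree -Dincludes=org.jsoup` that 1.11.2 is the only jsoup resolved for this module.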
--
To stop receiving notification emails like this one, please contact
tallison@apache.org.