Posted to dev@tika.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/02/21 20:16:00 UTC

[jira] [Commented] (TIKA-2570) Tika 1.17 uses vulnerable Jackson version 2.9.2

    [ https://issues.apache.org/jira/browse/TIKA-2570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16371946#comment-16371946 ] 

ASF GitHub Bot commented on TIKA-2570:
--------------------------------------

ewanmellor opened a new pull request #219: Fix for TIKA-2570 contributed by ewanmellor.
URL: https://github.com/apache/tika/pull/219
 
 
   Upgrade use of jackson to 2.9.4.  Versions 2.9.2 and 2.9.3 allow
   unauthenticated remote code execution, labeled CVE-2017-17485.



> Tika 1.17 uses vulnerable Jackson version 2.9.2
> -----------------------------------------------
>
>                 Key: TIKA-2570
>                 URL: https://issues.apache.org/jira/browse/TIKA-2570
>             Project: Tika
>          Issue Type: Task
>            Reporter: Julian Reschke
>            Priority: Minor
>
> See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485


