This is an automated email from the ASF dual-hosted git repository.
tilman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/main by this push:
new 0f5570691 TIKA-3795: add exclusion for jetty-io
0f5570691 is described below
commit 0f5570691133c75ac4472c3340354a6c4080b104
Author: Tilman Hausherr <[email protected]>
AuthorDate: Sat Jul 9 05:54:05 2022 +0200
TIKA-3795: add exclusion for jetty-io
---
tika-parent/pom.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index 69388e8c9..66cb2e556 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -828,6 +828,12 @@
<artifactId>commons-dbcp</artifactId>
<version>1.4</version>
</exclude>
+ <exclude>
+ <!-- CVE-2022-2191 applies to jetty 10.0.0 thru 10.0.9, and
11.0.0 thru 11.0.9 -->
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-io</artifactId>
+ <version>9.4.48.v20220622</version>
+ </exclude>
</excludeCoordinates>
<fail>true</fail>
</configuration>
