(tika) branch branch_2x updated: TIKA-4456: update aws, google cloud, jackson, netty, versions plugin; add ossindex exclusion

Wed, 10 Sep 2025 01:56:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

tilman pushed a commit to branch branch_2x
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/branch_2x by this push:
     new 882f78345 TIKA-4456: update aws, google cloud, jackson, netty, 
versions plugin; add ossindex exclusion
882f78345 is described below

commit 882f78345c55a5c150765f67c4d4851f813cca77
Author: Tilman Hausherr <[email protected]>
AuthorDate: Wed Sep 10 10:56:09 2025 +0200

    TIKA-4456: update aws, google cloud, jackson, netty, versions plugin; add 
ossindex exclusion
---
 tika-parent/pom.xml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index 0b46cbef9..d8b364ae3 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -309,8 +309,8 @@
     <rat.version>0.16.1</rat.version>
 
     <!-- dependency versions -->
-    <google.cloud.version>2.55.0</google.cloud.version>
-    <aws.version>1.12.788</aws.version>
+    <google.cloud.version>2.56.0</google.cloud.version>
+    <aws.version>1.12.791</aws.version>
     <!-- WARNING: when you upgrade asm make sure that you update the
         OpCode in the initializer in 
org.apache.tika.parser.asm.XHTMLClassVisitor
         See TIKA-2992.
@@ -350,7 +350,7 @@
     <imageio.version>1.4.0</imageio.version>
     <!-- jackrabbit 2.21.23 requires java 11 -->
     <jackrabbit.version>2.21.22</jackrabbit.version>
-    <jackson.version>2.19.2</jackson.version>
+    <jackson.version>2.20.0</jackson.version>
     <jackcess.version>4.0.8</jackcess.version>
     <jackcess.encrypt.version>4.0.3</jackcess.encrypt.version>
     <javax.annotation.version>1.3.2</javax.annotation.version>
@@ -382,7 +382,7 @@
     <!-- mockito >= 5 requires jdk11 -->
     <mockito.version>4.11.0</mockito.version>
     <netcdf-java.version>4.5.5</netcdf-java.version>
-    <netty.version>4.2.4.Final</netty.version>
+    <netty.version>4.2.6.Final</netty.version>
     <oak.jackrabbit.version>1.84.0</oak.jackrabbit.version>
     <openjson.version>1.0.13</openjson.version>
     <!-- 2.0.0 doesn't compile with jdk8 -->
@@ -1101,7 +1101,7 @@
       <plugin>
         <groupId>org.codehaus.mojo</groupId>
         <artifactId>versions-maven-plugin</artifactId>
-        <version>2.18.0</version>
+        <version>2.19.0</version>
         <configuration>
           <generateBackupPoms>false</generateBackupPoms>
         </configuration>
@@ -1217,6 +1217,12 @@
               <artifactId>spring-context</artifactId>
               <version>5.3.39</version>
             </coordinate>
+            <!-- CVE-2025-58782, but used only in examples -->
+            <coordinate>
+                <groupId>org.apache.jackrabbit</groupId>
+                <artifactId>jackrabbit-jcr-commons</artifactId>
+                <version>2.21.22</version>
+            </coordinate>
           </excludeCoordinates>
           <fail>true</fail>
         </configuration>

Reply via email to