[ https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466756#comment-13466756 ]
Lau Brino commented on TIKA-932: -------------------------------- Hi, see page http://tika.apache.org/1.2/gettingstarted.html - there's still 1.3 version mentioned... > Upgrade to Commons Compress 1.4.1 > --------------------------------- > > Key: TIKA-932 > URL: https://issues.apache.org/jira/browse/TIKA-932 > Project: Tika > Issue Type: Improvement > Components: parser > Reporter: Jukka Zitting > Assignee: Jukka Zitting > Priority: Minor > Labels: security > Fix For: 1.2 > > > There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress > versions up to 1.4 (we currently use 1.3) that can be triggered with a > specially crafted bzip2 document. > Tika already has higher-level features (ForkParser, etc.) for dealing with > problems like this, but it would in any case be good to upgrade our Commons > Compress dependency to the new 1.4.1 release that fixes the vulnerability. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira