[jira] [Commented] (TIKA-932) Upgrade to Commons Compress 1.4.1

Lau Brino (JIRA) Mon, 01 Oct 2012 05:25:19 -0700

    [ 
https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466756#comment-13466756
 ]


Lau Brino commented on TIKA-932:
--------------------------------

Hi, see page http://tika.apache.org/1.2/gettingstarted.html - there's still 1.3 
version mentioned...
                
> Upgrade to Commons Compress 1.4.1
> ---------------------------------
>
>                 Key: TIKA-932
>                 URL: https://issues.apache.org/jira/browse/TIKA-932
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>              Labels: security
>             Fix For: 1.2
>
>
> There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress 
> versions up to 1.4 (we currently use 1.3) that can be triggered with a 
> specially crafted bzip2 document.
> Tika already has higher-level features (ForkParser, etc.) for dealing with 
> problems like this, but it would in any case be good to upgrade our Commons 
> Compress dependency to the new 1.4.1 release that fixes the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TIKA-932) Upgrade to Commons Compress 1.4.1

Reply via email to