[jira] [Commented] (TIKA-2007) Tika 1.13 uses vulnerable version of jackson-core: CVE-2016-3720

Konstantin Gribov (JIRA) Wed, 24 Aug 2016 07:27:06 -0700

    [ 
https://issues.apache.org/jira/browse/TIKA-2007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15435013#comment-15435013
 ]


Konstantin Gribov commented on TIKA-2007:
-----------------------------------------

I think, it's not-a-bug since CVE is relevant to {{jackson-dataformat-xml}} and 
Tika doesn't use it at all.

Updating {{jackson}} to actual upstream versions is still good idea.

> Tika 1.13 uses vulnerable version of jackson-core: CVE-2016-3720
> ----------------------------------------------------------------
>
>                 Key: TIKA-2007
>                 URL: https://issues.apache.org/jira/browse/TIKA-2007
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Goetz Neumann
>            Priority: Blocker
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (TIKA-2007) Tika 1.13 uses vulnerable version of jackson-core: CVE-2016-3720

Reply via email to