[
https://issues.apache.org/jira/browse/TIKA-2504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249871#comment-16249871
]
Tim Allison edited comment on TIKA-2504 at 11/13/17 5:46 PM:
-------------------------------------------------------------
[~lfcnassif] or [~gagravarr], vfs2 is an optional dependency for the RARParser.
The version of vfs2 that is optional is bringing along the vulnerable
plexus-utils. Do we need vfs2 at all? If we do can we exclude from junrar,
and then add back 2.2, which doesn't require plexus-utils?
was (Author: [email protected]):
[~lfcnassif] or [~gagravarr], vfs2 is an optional dependency for the RARParser.
The version of vfs2 that was option is bringing along the vulnerable
plexus-utils. Do we need vfs2 at all?
> Upgrade or remove plexus-utils
> ------------------------------
>
> Key: TIKA-2504
> URL: https://issues.apache.org/jira/browse/TIKA-2504
> Project: Tika
> Issue Type: Sub-task
> Reporter: Tim Allison
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
