[ https://issues.apache.org/jira/browse/TIKA-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16939607#comment-16939607 ]
Hudson commented on TIKA-2890: ------------------------------ UNSTABLE: Integrated in Jenkins build Tika-trunk #1700 (See [https://builds.apache.org/job/Tika-trunk/1700/]) TIKA-2890 -- update jackson to avoid recent CVEs (tallison: [https://github.com/apache/tika/commit/c33d5412ca1133fd80c5fa5df7d0f51e0c076293]) * (edit) tika-parent/pom.xml > Critical security vulnerability in depedencies > ---------------------------------------------- > > Key: TIKA-2890 > URL: https://issues.apache.org/jira/browse/TIKA-2890 > Project: Tika > Issue Type: Improvement > Components: parser > Affects Versions: 1.21 > Reporter: Kyle DuPont > Priority: Major > Fix For: 1.23 > > Original Estimate: 1h > Remaining Estimate: 1h > > The parser dependency jackson-databind:2.9.8 has a critical vulnerability as > per: > [https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029] > This should be bumped to >2.9.9 to resolve this vulnerability. -- This message was sent by Atlassian Jira (v8.3.4#803005)