Tim Allison created TIKA-3230:
---------------------------------
Summary: Upgrade junit and turn off ossindex warning
Key: TIKA-3230
URL: https://issues.apache.org/jira/browse/TIKA-3230
Project: Tika
Issue Type: Task
Reporter: Tim Allison
Assignee: Tim Allison
We're now getting this warning:
{{Detected 1 vulnerable components:
junit:junit:jar:4.13:test;
https://ossindex.sonatype.org/component/pkg:maven/junit/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
* [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test
rule TemporaryFolder cont... (5.5);
https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
}}
I continued to get that warning even after upgrading to 4.13.1, even though,
CVE-2020-15250 says that 4.13.1 fixes the problem.
(https://nvd.nist.gov/vuln/detail/CVE-2020-15250)
So, when we upgrade, we should also configure ossindex to stop complaining
about 4.13.1.
Will take this later today.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
