[
https://issues.apache.org/jira/browse/TIKA-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17234860#comment-17234860
]
Hudson commented on TIKA-3230:
------------------------------
UNSTABLE: Integrated in Jenkins build Tika ยป tika-branch1x-jdk8 #29 (See
[https://ci-builds.apache.org/job/Tika/job/tika-branch1x-jdk8/29/])
TIKA-3230 -- upgrade junit and turn off ossindex warning (tallison:
[https://github.com/apache/tika/commit/19d18b35f6e5aae7e96b5e37ad77eb02938eea4e])
* (edit) tika-parent/pom.xml
> Upgrade junit and turn off ossindex warning
> -------------------------------------------
>
> Key: TIKA-3230
> URL: https://issues.apache.org/jira/browse/TIKA-3230
> Project: Tika
> Issue Type: Task
> Reporter: Tim Allison
> Assignee: Tim Allison
> Priority: Trivial
>
> We're now getting this warning:
> {noformat}
> Detected 1 vulnerable components:
> junit:junit:jar:4.13:test;
> https://ossindex.sonatype.org/component/pkg:maven/junit/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
> * [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test
> rule TemporaryFolder cont... (5.5);
> https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
> {noformat}
> I continued to get that warning even after upgrading to 4.13.1, even though,
> CVE-2020-15250 says that 4.13.1 fixes the problem.
> (https://nvd.nist.gov/vuln/detail/CVE-2020-15250)
> So, when we upgrade, we should also configure ossindex to stop complaining
> about 4.13.1.
> Will take this later today.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
