[ https://issues.apache.org/jira/browse/TIKA-3375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17334806#comment-17334806 ]
Chris Dressen commented on TIKA-3375: ------------------------------------- [~tallison] Thanks for updating the dependency in your commit :) > Release new version > ------------------- > > Key: TIKA-3375 > URL: https://issues.apache.org/jira/browse/TIKA-3375 > Project: Tika > Issue Type: Wish > Reporter: Chris Dressen > Priority: Major > > Hello, > It seems that Tika v1.26 is using apache cxf 3.4.2. It was discovered > somewhat recently that there is a vulnerability in that particular library > and a fix has been made in 3.4.3. See CVE-2021-22696 for more details. > It looks like there is already a fix in the main branch performed in the > following commit: > [https://github.com/apache/tika/commit/cacde72bb5dea1c4dd6de1e796ced32b8708fa57] > Is it possible to get Tika v1.27 released so this vulnerability can be > mitigated? > Thanks! -- This message was sent by Atlassian Jira (v8.3.4#803005)