[
https://issues.apache.org/jira/browse/TIKA-3375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17334806#comment-17334806
]
Chris Dressen commented on TIKA-3375:
-------------------------------------
[~tallison] Thanks for updating the dependency in your commit :)
> Release new version
> -------------------
>
> Key: TIKA-3375
> URL: https://issues.apache.org/jira/browse/TIKA-3375
> Project: Tika
> Issue Type: Wish
> Reporter: Chris Dressen
> Priority: Major
>
> Hello,
> It seems that Tika v1.26 is using apache cxf 3.4.2. It was discovered
> somewhat recently that there is a vulnerability in that particular library
> and a fix has been made in 3.4.3. See CVE-2021-22696 for more details.
> It looks like there is already a fix in the main branch performed in the
> following commit:
> [https://github.com/apache/tika/commit/cacde72bb5dea1c4dd6de1e796ced32b8708fa57]
> Is it possible to get Tika v1.27 released so this vulnerability can be
> mitigated?
> Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
