[
https://issues.apache.org/jira/browse/FLINK-31800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712257#comment-17712257
]
Martijn Visser edited comment on FLINK-31800 at 4/14/23 12:39 PM:
------------------------------------------------------------------
[~satanicmechanic] I would recommend to first check if this dependency is
really bundled with Flink. When running a {{mvn dependency:tree}}, there's no
occurrence of tika anywhere as a (transitive) dependency.
was (Author: martijnvisser):
[~satanicmechanic] I would recommend to first check if this dependency is
really bundled with Flink. When running a {mvn dependency:tree}, there's no
occurrence of tika anywhere as a (transitive) dependency.
> Update tika to current
> ----------------------
>
> Key: FLINK-31800
> URL: https://issues.apache.org/jira/browse/FLINK-31800
> Project: Flink
> Issue Type: Technical Debt
> Affects Versions: 1.17.0
> Reporter: Morey Straus
> Priority: Major
> Labels: security
>
> Multiple vulns in org.apache.tika:tika-core-1.28.1
> https://nvd.nist.gov/vuln/detail/CVE-2022-30126
> https://nvd.nist.gov/vuln/detail/CVE-2022-30973
> https://nvd.nist.gov/vuln/detail/CVE-2022-30126
> https://nvd.nist.gov/vuln/detail/CVE-2022-25169
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
