[ https://issues.apache.org/jira/browse/OAK-10003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17750099#comment-17750099 ]
Mohit Kataria commented on OAK-10003: ------------------------------------- Tika 1.28.5 is dependent on apache-poi 5.x where as 1.26 was dependent on 4.x (major version upgrade) Apache-poi 5.X have different dependencies wrt apache-poi 4.X , causing pax version to be upgraded for testing. > Upgrade tika to 1.28.5 > ---------------------- > > Key: OAK-10003 > URL: https://issues.apache.org/jira/browse/OAK-10003 > Project: Jackrabbit Oak > Issue Type: Improvement > Components: indexing > Reporter: Mohit Kataria > Assignee: Mohit Kataria > Priority: Major > > Poi 4.0.1 is vulnerable to CVE-2022-26336. > Upgrade tika to 1.28.5 -- This message was sent by Atlassian Jira (v8.20.10#820010)