Abhijit Rajwade created TIKA-2699: ------------------------------------- Summary: Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika Key: TIKA-2699 URL: https://issues.apache.org/jira/browse/TIKA-2699 Project: Tika Issue Type: Bug Affects Versions: 1.18, 1.17 Reporter: Abhijit Rajwade
Security: Sonatype Nexus scan is reporting multiple vulnearbilities on the bouncy castle version used by Apache Tika. Vulnerabilities reported are CVE-2016-1000338, CVE-2016-1000340, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352 The recommendation is to upgrade to non vulnerable Bouncy castle version 1.57 or later (1.58, 1.59, 1.60). Can you please upgrade Bouncy castle to a non vulnerable version? -- This message was sent by Atlassian JIRA (v7.6.3#76005)