Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 1.24.1
- None
- None
Description
Our team runs BlackDuck to find security vulnerabilities, and Tika 1.24.1 was flagged in a recent scan for two libraries that it includes. Here is information about the two libraries, which have vulnerabilities that have recently been patched and which Tika needs to upgrade:
Apache HttpClient v4.5.12
The recommendation is to upgrade to 4.5.13. I cannot find a CVE number; however, the BlackDuck tool has pointed to the following changeset, made in version 4.5.13, that addresses the vulnerability:
https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e
jackson-databind 2.10.3
The recommendation is to upgrade to 2.11.3. The issue was CVE-2020-25649.
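To confirm that a build which pulls in Tika actually resolves the versions recommended in this report, the output of `mvn dependency:tree` can be checked mechanically. The following is an added example, not part of the original issue or of the Tika project: the function names and the sample tree are constructed for illustration, and the thresholds are the two versions the report recommends.

```python
import re

# Minimum versions recommended in the report above.
RECOMMENDED = {
    "org.apache.httpcomponents:httpclient": "4.5.13",
    "com.fasterxml.jackson.core:jackson-databind": "2.11.3",
}

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = r"""
[INFO] org.example:demo-app:jar:1.0.0
[INFO] +- org.apache.tika:tika-parsers:jar:1.24.1:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-databind:jar:2.10.3:compile
[INFO] \- org.apache.httpcomponents:httpmime:jar:4.5.13:compile
"""

# A dependency line ends in group:artifact:type[:classifier]:version:scope.
COORD = re.compile(r"([\w.\-]+(?::[\w.\-]+){4,5})\s*$")


def version_key(version, width=4):
    """Leading numeric components as a zero-padded tuple: 4.5.12 -> (4, 5, 12, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    nums = [int(p) for p in m.group().split(".")] if m else []
    return tuple((nums + [0] * width)[:width])


def find_outdated(tree_text, recommended=RECOMMENDED):
    """Return sorted (coordinate, found, recommended) for artifacts below the recommendation."""
    hits = set()
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue  # root artifact, blank lines, other Maven log output
        parts = m.group(1).split(":")
        coord, version = f"{parts[0]}:{parts[1]}", parts[-2]
        wanted = recommended.get(coord)
        if wanted and version_key(version) < version_key(wanted):
            hits.add((coord, version, wanted))
    return sorted(hits)


if __name__ == "__main__":
    for coord, found, wanted in find_outdated(SAMPLE_TREE):
        print(f"{coord}: resolved {found}, report recommends >= {wanted}")
```

The check reads the resolved tree rather than the POM, so it also catches an older copy that arrives transitively through another dependency.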