OFBiz OFBiz - Notifications

[jira] [Commented] (OFBIZ-10826) Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (OFBIZ-10826) Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-10826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16755893#comment-16755893 ]

Deepak Dixit commented on OFBIZ-10826:
--------------------------------------

This has been done at
ofbiz framework trunk at r#1852503
R18.12 framework trunk at r#1852504

Need to backport this to R17.12 and R16.11 as well.
Right now I am getting build failed due to POI dependencies,

{code}
/Users/deepakdixit/sandbox/ofbiz.17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java:125: error: cannot find symbol
                    cell2.setCellType(HSSFCell.CELL_TYPE_STRING);
                                             ^
{code}

I think we need to update dependent code as well.


> Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)
> ----------------------------------------------------------
>
>                 Key: OFBIZ-10826
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10826
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk, 17.12.01, 16.11.05, 18.12.01
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>
> Need to upgrade Apache tika to 1.20.
> Here are the several security vulnerabilities reported for Apache Tika
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=%22Apache%20tika%22



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Free forum by Nabble Edit this page