svn commit: r1852503 - /ofbiz/ofbiz-framework/trunk/build.gradle

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1852503 - /ofbiz/ofbiz-framework/trunk/build.gradle

Deepak Dixit-5
Author: deepak
Date: Wed Jan 30 08:53:29 2019
New Revision: 1852503

URL: http://svn.apache.org/viewvc?rev=1852503&view=rev
Log:
Fixed: Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

Modified:
    ofbiz/ofbiz-framework/trunk/build.gradle

Modified: ofbiz/ofbiz-framework/trunk/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1852503&r1=1852502&r2=1852503&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/build.gradle (original)
+++ ofbiz/ofbiz-framework/trunk/build.gradle Wed Jan 30 08:53:29 2019
@@ -150,8 +150,8 @@ dependencies {
     compile 'org.apache.poi:poi:3.17'
     compile 'org.apache.shiro:shiro-core:1.4.0'
     compile 'org.apache.sshd:sshd-core:1.7.0'
-    compile 'org.apache.tika:tika-core:1.18'
-    compile 'org.apache.tika:tika-parsers:1.18'
+    compile 'org.apache.tika:tika-core:1.20'
+    compile 'org.apache.tika:tika-parsers:1.20'
     compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.13'
     compile 'org.apache.tomcat:tomcat-catalina:9.0.13'
     compile 'org.apache.tomcat:tomcat-jasper:9.0.13'