Author: deepak
Date: Wed Jan 30 08:53:29 2019
New Revision: 1852503
URL: http://svn.apache.org/viewvc?rev=1852503&view=rev
Log:
Fixed: Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
Modified:
ofbiz/ofbiz-framework/trunk/build.gradle
Modified: ofbiz/ofbiz-framework/trunk/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1852503&r1=1852502&r2=1852503&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/build.gradle (original)
+++ ofbiz/ofbiz-framework/trunk/build.gradle Wed Jan 30 08:53:29 2019
@@ -150,8 +150,8 @@ dependencies {
compile 'org.apache.poi:poi:3.17'
compile 'org.apache.shiro:shiro-core:1.4.0'
compile 'org.apache.sshd:sshd-core:1.7.0'
- compile 'org.apache.tika:tika-core:1.18'
- compile 'org.apache.tika:tika-parsers:1.18'
+ compile 'org.apache.tika:tika-core:1.20'
+ compile 'org.apache.tika:tika-parsers:1.20'
compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.13'
compile 'org.apache.tomcat:tomcat-catalina:9.0.13'
compile 'org.apache.tomcat:tomcat-jasper:9.0.13'
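Review bot: The version string 1.20 is repeated as a literal on both the `tika-core` and `tika-parsers` lines, so a later bump that touches only one of them would leave the two artifacts mismatched without any build error. Consider defining the Tika version once (for example a hypothetical `tikaVersion` property) and referencing it from both `compile` lines. Since the log message gives the affected ranges as 1.2 to 1.18 and 1.8-1.19.1, a short comment beside these lines naming CVE-2018-8017/CVE-2018-17197 and 1.20 as the minimum version would also keep a future pin-back from silently reintroducing the infinite-loop parsers.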