-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Several CVEs reported for this library #30
Comments
Thank you for this report.
Please let me know if I missed something. |
As Andreas says, these all seem to be against old versions of Apache Tika, not this library. So, for now, I'm going to close this as Incorrect / invalid report from automating tooling This library can be used without Tika at all. You only need Apache Tika to compile the parser/detector plugins for Tika, which you then add to your existing Tika install. We currently try to compile against the oldest possible Tika version we can, to allow as many people as possible to be able to use the latest version of the library as we can. We only bump that up if required. However, we probably will bump the minimum to Tika 2.0 fairly soon, to incorporate the breaking changes coming there. |
When running a NVD (National Vulnerability Database) check against this library, the following CVEs were reported for this library:
The text was updated successfully, but these errors were encountered: