On Thu, Jan 18, 2018 at 10:36:24PM +0100, Salvatore Bonaccorso wrote:
> > > That link says:
> > > Versions Affected:
> > > Apache Tika 0.10 to 1.12
> > >
> > > So perhaps 1.5 isn't affected after all? I tried to find the relevant
> > > commit in the upstream git but failed :(
> >
> > Commit
> > https://github.com/apache/tika/commit/f444fd784b99b181cd7bd54cdec9fbd132b4ef93
> > in 1.17 added a test case, so this might be related to changes in Xerces/J
> > which are possibly bundled by Tika downloads? Might be worth clarifying with
> > Tim Allison <talli...@apache.org>.
>
> Above, you said "so perhaps 1.5 isn't affected after all?". But why
> this conclusion? 1.5 as currently in unstable and oldstable present
> falls within the affected range of 0.15 and 1.12.

s/0.15/0.10/ in what you said just above, but yes, you're obviously
right and I misread the range. Apologies for the confusion -- I guess I
was too enthusiastic in trying to figure out an easy way out of this :)

> So yes, maybe Tim Allison can help identify which are the required
> commits, but best course might just be to try to update to the newest
> upstream version for unstable.

Indeed! (but note that I'm not the maintainer)

Thanks,
Faidon