[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}

Hi Tim,

> Y. You got CVE-2019-10088:
> https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
> Two other commits you'll want are the following
> CVE-2019-10093:
> https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
> CVE-2019-10094:
> https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc


I was wondering... is there any reason why tika developers don't include
CVE information in commit messages? This would ease the work of security
teams significantly.


[0] https://tika.apache.org/security.html

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: