tabula-java icon indicating copy to clipboard operation
tabula-java copied to clipboard
verified publisher icon tabulapdf

Gson vulnerability in tabula-1.0.5 release

Open gsonOutdated opened this issue 1 year ago • 3 comments

While gson version was updated to 2.0.9 to fix the following issue: https://github.com/advisories/GHSA-4jrv-ppp4-jm57 through https://github.com/tabulapdf/tabula-java/commit/ab93da966b42b3384ba69556b491e82a0580bcda the latest release https://github.com/tabulapdf/tabula-java/releases/tag/v1.0.5 still has the vulnerable version.

Would it be ok asking for a new release of tabula-java?

gsonOutdated avatar Feb 21 '24 14:02 gsonOutdated

Any update on this?

muhammad-asn avatar Apr 04 '24 04:04 muhammad-asn

+1, this is affecting me too

dfcan avatar Jul 15 '24 03:07 dfcan

This is affecting me due to tabula-py having tabula-java v1.0.5 within it

Please make a new release so they can update the wrapper afterwards

kuteninja avatar Apr 07 '25 20:04 kuteninja