Xiaochen Wang

SNOW-526378: CVE-2021-33813 Vulnerability issue for tika 1.22 since snowflake-jdbc 3.9.0

1

Currently snowflake-jdbc (we are using 3.13.3) has dependency on **Tika 1.22** which was reported in our product that facing CVE-2021-33813 Vulnerability issue. Any solution for this? CVE-2021-33813 NVD: 2021/06/16 -...

The current dependency to jsoup 1.9.2 expose this project to vulnerability CVE-2021-37714. Please check if we can merge PR https://github.com/giflw/remark-java/pull/14 or https://github.com/giflw/remark-java/pull/15 to bump the version of jsoup. Thanks.

The main component to update is jsoup 1.9.2 which has the vulnerability CVE-2021-37714 Updating to 1.14.3.