TIKA-4162: exclude uimaj-core from ossindex-maven-plugin

apache · Nov 15, 2023 · 9b8ad9b · 9b8ad9b
1 parent 0e0a5e9
commit 9b8ad9b
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
@@ -1061,6 +1061,14 @@
                 <artifactId>h2</artifactId>
                 <version>2.2.224</version>
             </exclude>
+            <!-- CVE-2023-39913: Uima is used because ctakes is used in the
+            natural language process module. Serialization is only on data that is configured in
+            tika-config.xml. We don't think we'd be vulnerable to crafted user input. -->
+            <coordinate>
+                <groupId>org.apache.uima</groupId>
+                <artifactId>uimaj-core</artifactId>
+                <version>3.4.1</version>
+            </coordinate>
           </excludeCoordinates>
           <fail>true</fail>
         </configuration>