
lib-repackaged's Introduction


Carrot2

Carrot2 is a programming library for clustering text. It can automatically discover groups of related documents and label them with short key terms or phrases.

Carrot2 can turn, for example, search result titles and snippets into groups like these:

Search result titles and snippets and corresponding cluster labels (right).

Installation

Carrot2 is a software component and typically integrates with other software as a library dependency (see the API documentation available with each release).

Binary releases are published on GitHub. They ship with an HTTP/JSON REST API service called the DCS (document clustering server) for integration with other languages.

Integration with document retrieval services is possible via the Apache Solr plugin and the Elasticsearch plugin.

Building from Sources

If you need to build the distribution from sources, run:

./gradlew -p distribution assemble

The distribution is placed under distribution/build/dist/ and a compressed version is available at distribution/build/distZip/.

Documentation

Source code

Source code is at GitHub.

Contact and more information

License

Carrot2 is licensed under the BSD license.

lib-repackaged's People

Contributors

dweiss


lib-repackaged's Issues

CVE-2018-10237


During deserialization, two Guava classes accept a caller-specified size parameter and eagerly allocate an array of that size:

If a server deserializes instances sent by an attacker, the attacker can quickly force the server to allocate all its memory, without even sending the promised number of elements. Note that most servers that accept serialized data will deserialize objects of these types as long as they are on the classpath, even if they are not used by the server. (It is possible to set up an allow or denylist for Java serialization, but few service owners do. GWT serialization does operate with an allowlist by default, but it is usually a large, automatically generated list that often includes the problem class.)

Attack Vectors

To be affected, a server running Guava must deserialize data sent by an attacker (either Java serialization or GWT-RPC).

To avoid this

  • Fixed in guava versions 24.1.1 and 25.0
  • If not updating, then when using AtomicDoubleArray or CompoundOrdering, the owners who are concerned about this problem should set a limit on the size of the object graph that their servers will accept.

More information on this can be found here

Things to do

  • Update to a safer version of Google Guava: 24.1.1 or 25.0
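
The issue above mentions an allowlist for Java serialization and a limit on the size of the accepted object graph. The sketch below is an added example, not code from this repository or from Guava, showing both with the JDK's ObjectInputFilter (Java 9 or later). The class names Request and Unused, the limit values and the sample inputs are assumptions made for the illustration.

```java
import java.io.*;

public class FilteredDeserialization {
    // Hypothetical message type the service expects to receive.
    static class Request implements Serializable {
        String query = "carrot2";
        int limit = 10;
    }

    // Stand-in for a serializable class that is on the classpath but unused by the service.
    static class Unused implements Serializable {
        int size = 8;
    }

    // Limits on the stream and object graph, then an allowlist; "!*" rejects all other classes.
    // maxarray applies to arrays the stream itself declares.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxbytes=65536;maxrefs=1000;maxdepth=8;maxarray=4096;"
            + "FilteredDeserialization$Request;java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Returns the deserialized object, or null when the filter rejects the stream.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // set before the first readObject()
            return in.readObject();
        } catch (InvalidClassException rejected) {
            System.out.println("rejected: " + rejected.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, serialized locally.
        System.out.println(readFiltered(serialize(new Request())) != null);    // allowlisted
        System.out.println(readFiltered(serialize(new Unused())) != null);     // not allowlisted
        System.out.println(readFiltered(serialize(new double[5000])) != null); // over maxarray
    }
}
```

The class allowlist is the part that keeps a serializable class the service never uses from being instantiated at all; the numeric limits bound what an accepted stream may contain.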
