[jira] [Commented] (TIKA-2081) Add back 'fileUrl' functionality to TikaJAXRS Server subject to security controls

[Hudson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/TIKA-2081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15516850#comment-15516850
 ] 

Hudson commented on TIKA-2081:
------------------------------

SUCCESS: Integrated in Jenkins build Tika-trunk #1107 (See 
[https://builds.apache.org/job/Tika-trunk/1107/])
TIKA-2081 -- add fileUrl back into tika-server (tallison: rev 
d612aea850060c7d77124f79c525f68032a11031)
* (edit) tika-server/src/test/java/org/apache/tika/server/CXFTestBase.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/UnpackerResource.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/RecursiveMetadataResource.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/TikaResource.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/MetadataResource.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/DetectorResource.java
* (add) 
tika-server/src/main/java/org/apache/tika/server/URLEnabledInputStreamFactory.java
* (add) 
tika-server/src/main/java/org/apache/tika/server/DefaultInputStreamFactory.java
* (add) tika-server/src/main/java/org/apache/tika/server/InputStreamFactory.java
* (edit) tika-server/src/main/java/org/apache/tika/server/TikaServerCli.java
TIKA-2081 -- add fileUrl back into tika-server, update changes.txt (tallison: 
rev b58368f3f42f52adb76541b7a321e15bab5e04dc)
* (edit) CHANGES.txt


> Add back 'fileUrl' functionality to TikaJAXRS Server subject to security 
> controls
> ---------------------------------------------------------------------------------
>
>                 Key: TIKA-2081
>                 URL: https://issues.apache.org/jira/browse/TIKA-2081
>             Project: Tika
>          Issue Type: Task
>          Components: server
>    Affects Versions: 1.13
>         Environment: All versions
>            Reporter: John Dougrez-Lewis
>            Assignee: Tim Allison
>            Priority: Minor
>              Labels: features, security
>             Fix For: 2.0, 1.14
>
>
> Add back 'fileUrl' functionality from version 1.9 to TikaJAXRS Server subject 
> to additional security controls:
> disable by default
> only enable if appropriate configuration flags are specified
> when enabled print warning displaying at least CVE ID: CVE-2015-3271.
> as discussed on dev@tika.apache.org mailing list under title "Query on 
> correct use of 'fileUrl' in TikaJAXRS Server to extract document at remote 
> url - my request is not working".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)