[jira] [Commented] (TIKA-2081) Add back 'fileUrl' functionality to TikaJAXRS Server subject to security controls

Fri, 23 Sep 2016 07:18:02 -0700 

    [ 
https://issues.apache.org/jira/browse/TIKA-2081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15516569#comment-15516569
 ] 

Hudson commented on TIKA-2081:
------------------------------

FAILURE: Integrated in Jenkins build tika-2.x-windows #53 (See 
[https://builds.apache.org/job/tika-2.x-windows/53/])
  * Re-enable fileUrl for tika-server (TIKA-2081).  If you choose,     
(tallison: rev ce1fc3720cdcd84b5523b14fc28fd2fb355c9ee2)
* (add) tika-server/src/main/java/org/apache/tika/server/InputStreamFactory.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/RecursiveMetadataResource.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/TikaResource.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/MetadataResource.java
* (edit) tika-server/src/test/java/org/apache/tika/server/CXFTestBase.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/DetectorResource.java
* (add) 
tika-server/src/main/java/org/apache/tika/server/URLEnabledInputStreamFactory.java
* (edit) 
tika-server/src/main/java/org/apache/tika/server/resource/UnpackerResource.java
* (edit) CHANGES.txt
* (add) 
tika-server/src/main/java/org/apache/tika/server/DefaultInputStreamFactory.java
* (edit) tika-server/src/main/java/org/apache/tika/server/TikaServerCli.java


> Add back 'fileUrl' functionality to TikaJAXRS Server subject to security 
> controls
> ---------------------------------------------------------------------------------
>
>                 Key: TIKA-2081
>                 URL: https://issues.apache.org/jira/browse/TIKA-2081
>             Project: Tika
>          Issue Type: Task
>          Components: server
>    Affects Versions: 1.13
>         Environment: All versions
>            Reporter: John Dougrez-Lewis
>            Assignee: Tim Allison
>            Priority: Minor
>              Labels: features, security
>             Fix For: 2.0, 1.14
>
>
> Add back 'fileUrl' functionality from version 1.9 to TikaJAXRS Server subject 
> to additional security controls:
> disable by default
> only enable if appropriate configuration flags are specified
> when enabled print warning displaying at least CVE ID: CVE-2015-3271.
> as discussed on dev@tika.apache.org mailing list under title "Query on 
> correct use of 'fileUrl' in TikaJAXRS Server to extract document at remote 
> url - my request is not working".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to