Unless there are objections, I’ll try to get poi 5.x working in the bundle a bit tomorrow morning (EST). I’ll create an rc1 by noon. If I’m successful w POI, that’ll be included; if not, we can upgrade early in the new year along w PDFBox.
On Sun, Dec 12, 2021 at 3:14 PM Tim Allison <[email protected]> wrote: > Y > > On Sun, Dec 12, 2021 at 4:59 AM Cristian Zamfir <[email protected]> > wrote: > >> Thanks Tim, >> Sounds good. Just checking, I suppose this option needs to be added >> explicitly to <server/>, <pipes/> and <async/> to override the default >> settings, even if these are not specified at all in tikaConfig.xml, is >> that >> right? >> >> >> >> On Sat, Dec 11, 2021 at 2:05 PM Tim Allison <[email protected]> wrote: >> >> > Cristian, >> > Until the next release, you can add: -Dlog4j2.formatMsgNoLookups=true. >> > >> > If you're running Tika server in 1.x with spawnChild mode, add >> > -JDlog4j2.formatMsgNoLookups=true >> > In 2.x add -Dlog4j2.formatMsgNoLookups=true to the forkedJvmArgs >> > element in the <server/>, <pipes/> and <async/> elements in >> > tikaConfig.xml >> > >> > On Sat, Dec 11, 2021 at 3:42 AM Cristian Zamfir <[email protected]> >> > wrote: >> > > >> > > It would be great to also update the Docker containers, it is a >> critical >> > > vulnerability IMO. Thanks! >> > > >> > > >> > > On Fri, Dec 10, 2021 at 5:41 PM Tim Allison <[email protected]> >> wrote: >> > > >> > > > All, >> > > > As you've probably heard, a dire rce was recently announced in >> > > > log4j2. I suspect it would be fairly easy to develop a PoC to show >> > > > that we're vulnerable. It isn't as straightforward as webapps that >> > > > are logging direct user input, but I don't think it would take much. >> > > > Should we push for a 2.x release in the next few days? >> > > > >> > > > Best, >> > > > >> > > > Tim >> > > > >> > > -- >> > > Cristian Zamfir >> > > Co-founder/VP of Reliability and Security - Cyberhaven >> > > https://cyberhaven.com >> > > https://www.linkedin.com/in/cristizamfir/ >> > > Mobile: +41 (798) 241-698 / +1 (617) 651-1306 >> > >> >
