Hi, folks. Built successfully on ArchLinux, OpenJDK 11 & 17 (Temurin-11.0.13+8 & 17.0.1+12) w/ Tesseract 4.1.1, Leptonica 1.82.0 except: * org.apache.tika.parser.ocr.TesseractOCRParserTest.confirmMultiPageTiffHandling (still extracts "Page?2" instead of "Page 2" on my laptop); * bunch of potential CVEs reported in age-recognizer due to old Netty, Hadoop, Avro, Mesos, Spark (web framework), Log4j 1.x, Jackson, Commons BeanUtils, Scala, Commons Collections, Zookeeper, I'm not sure if any affect Tika; * some slf4j and log4j2 issues in tests (multiple bindings or absent implementation).
I think we can ignore CVE-2021-45046 [1] <https://www.cve.org/CVERecord?id=CVE-2021-45046> now and update to log4j 2.16.0 in a few weeks, it has a much more narrow scope and we don't use MDC/ThreadContext in a vulnerable way from what I see. Checksums and GPG signatures seem fine. [x] +1 Release this package as Apache Tika 2.2.0 [ ] -1 Do not release this package because... [1]: https://www.cve.org/CVERecord?id=CVE-2021-45046 -- Best regards, Konstantin Gribov. On Wed, Dec 15, 2021 at 1:04 AM Oleg Tikhonov <[email protected]> wrote: > +1 > > > On 15 Dec 2021, at 0:01, Tim Allison <[email protected]> wrote: > > > > +1 > > > > On Tue, Dec 14, 2021 at 4:31 PM Lewis John McGibbney <[email protected] > > > > wrote: > > > >> I'll submit a PR for the README but I think it's also worthwile to > augment > >> the release management guide so that the message to review the release > >> candidate includes this information. > >> lewismc > >> > >> On 2021/12/14 20:17:05 Tim Allison wrote: > >>> Y, you're right. Lewis, where should we mention the Docker requirement > >>> on our site? > >>> > >>> On Tue, Dec 14, 2021 at 3:06 PM Lewis John McGibbney < > [email protected]> > >> wrote: > >>>> > >>>> Hi Ken, > >>>> > >>>> On 2021/12/13 22:38:49 Ken Krugler wrote: > >>>>> That error looks like you’ve got a connection issue with the Maven > >> central repo… > >>>>> > >>>>> — Ken > >>>> > >>>> Yes you are correct :) > >>>> > >>>> Once that issue sorted itself out my local build passed so my +1 > >> stands. > >>>> > >>>> I this it is worthwhile us stating that Docker is a prerequisite for > >> installing from source. This is required for the tika-pipes* modules. > >>>> > >>>> lewismc > >>> > >> > >
