[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1

Tue, 20 Feb 2024 03:54:05 -0800 


    [ 
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17818775#comment-17818775
 ] 

Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 11:53 AM:
--------------------------------------------------------------------

I'm working on it

[https://github.com/apache/pdfbox/pull/180]

The bug mentioned here is the "harmless" one, it goes away by increasing the 
parameter to mark(). However there are more test failures, I'm trying to get 
around them.


was (Author: tilman):
I'm working on it

[https://github.com/apache/pdfbox/pull/180]

The bug mentioned is the "harmless" one, it goes away by increasing the 
parameter to mark. However there are more test failures, I'm trying to get 
around them.

> commons-compress 1.26.0 breaks Apache Tika 2.9.1
> ------------------------------------------------
>
>                 Key: COMPRESS-661
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-661
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>    Affects Versions: 1.26.0
>            Reporter: Alexander Veit
>            Priority: Critical
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our 
> deployments in order to fix these security vulnerabilities. But unfortunately 
> now Apache Tika is broken:
> {noformat}
>   org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from 
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
>     at 
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
>     at 
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
>     at 
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
>     at app//org.apache.tika.Tika.parseToString(Tika.java:525)
>     at app//org.apache.tika.Tika.parseToString(Tika.java:495)
>     at ...
>   Caused by: java.io.IOException: Resetting to invalid mark
>     at 
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
>     at 
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
>     at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
>     ... 42 more
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to