Jacques Le Roux created OFBIZ-12573:
---------------------------------------
Summary: CLONE - [SECURITY] Upgrade Tika to 1.28.1
Key: OFBIZ-12573
URL: https://issues.apache.org/jira/browse/OFBIZ-12573
Project: OFBiz
Issue Type: Bug
Components: content, framework/security
Affects Versions: 18.12.06, 22.01.01
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
Here the Tika announce:
{quote}
The Apache Tika project is pleased to announce the release of Apache
Tika 2.3.0. The release contents have been pushed out to the main
Apache release site and to the Maven Central sync.
Apache Tika is a toolkit for detecting and extracting metadata and
structured text content from various documents using existing parser
libraries.
Apache Tika 2.3.0 includes several security upgrades in dependencies,
including an upgrade to log4j2 (version 2.17.1). This release also
includes a non-trivial upgrade to Apache POI 5.2.0 (TIKA-3164); users
will observe significantly more logging from the POI parsers.
Details can be found in the changes file:
https://www.apache.org/dist/tika/2.3.0/CHANGES-2.3.0.txt
{quote}
We currently still use 1.28 version because since 2.1.0 Tika throws a lot of
compile errors. I tried to use 2.3.0 and there is much work. Fortunately we
don't rely too much on Tika.
* In security component, only to check *.svg files in
SecuredUpload::getMimeTypeFromFileName() and there is another final check in
this method.
* In content:
DataResourceWorker.getMimeTypeWithByteBuffer::getMimeTypeWithByteBuffer
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
