[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17823501#comment-17823501
]
Tilman Hausherr edited comment on COMPRESS-661 at 3/5/24 8:56 AM:
--
I built it locally and the tika build problems still occur if I revert my
workaround. They could be fixed by adding this at the end of
ArchiveInputStream.java
{code:java}
/**
* @return Always returns false.
*/
@Override
public boolean markSupported() {
return false;
}
/**
* Does nothing.
*/
@Override
public synchronized void reset() {
}
/**
* Does nothing.
*
* @param readlimit
*/
@Override
public synchronized void mark(int readlimit) {
}
{code}
was (Author: tilman):
I built it locally and the tika build problems still occur. They could be fixed
by adding this at the end of ArchiveInputStream.java
{code:java}
/**
* @return Always returns false.
*/
@Override
public boolean markSupported() {
return false;
}
/**
* Does nothing.
*/
@Override
public synchronized void reset() {
}
/**
* Does nothing.
*
* @param readlimit
*/
@Override
public synchronized void mark(int readlimit) {
}
{code}
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
> Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17818863#comment-17818863
]
Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 7:39 PM:
---
{code:java}
ArArchiveInputStream ar = new ArArchiveInputStream(new BufferedInputStream(new
FileInputStream("../testARofText.ar")));
System.out.println("ar.markSupported(): " + ar.markSupported());
ArArchiveEntry aentry;
while ((aentry = ar.getNextEntry()) != null)
{
ar.mark(10);
ar.read(new byte[10]);
ar.reset();
System.out.println("AR: " + new String(ar.readAllBytes()));
}
{code}
This code will (properly) fail with 1.25.0 because mark/release is not
supported and markSupported() is false:
{noformat}
ar.markSupported(): false
Exception in thread "main" java.io.IOException: mark/reset not supported
at java.base/java.io.InputStream.reset(InputStream.java:655)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:62)
{noformat}
With 1.26.0 it will bring this, while markSupported() is true:
{noformat}
ar.markSupported(): true
AR: Test d'indexation de Txt
http://www.a
Exception in thread "main" java.io.IOException: Truncated ar archive
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextArEntry(ArArchiveInputStream.java:281)
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextEntry(ArArchiveInputStream.java:351)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:58)
{noformat}
was (Author: tilman):
{code:java}
ArArchiveInputStream ar = new ArArchiveInputStream(new BufferedInputStream(new
FileInputStream("../testARofText.ar")));
System.out.println("ar.markSupported(): " + ar.markSupported());
ArArchiveEntry aentry;
while ((aentry = ar.getNextEntry()) != null)
{
ar.mark(10);
ar.read(new byte[10]);
ar.reset();
System.out.println("AR: " + new String(ar.readAllBytes()));
}
{code}
This code will fail with 1.25.0 because mark/release is not supported and
markSupported() is false:
{noformat}
ar.markSupported(): false
Exception in thread "main" java.io.IOException: mark/reset not supported
at java.base/java.io.InputStream.reset(InputStream.java:655)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:62)
{noformat}
With 1.26.0 it will bring this, while markSupported() is true:
{noformat}
ar.markSupported(): true
AR: Test d'indexation de Txt
http://www.a
Exception in thread "main" java.io.IOException: Truncated ar archive
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextArEntry(ArArchiveInputStream.java:281)
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextEntry(ArArchiveInputStream.java:351)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:58)
{noformat}
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
> Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17818863#comment-17818863
]
Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 7:38 PM:
---
{code:java}
ArArchiveInputStream ar = new ArArchiveInputStream(new BufferedInputStream(new
FileInputStream("../testARofText.ar")));
System.out.println("ar.markSupported(): " + ar.markSupported());
ArArchiveEntry aentry;
while ((aentry = ar.getNextEntry()) != null)
{
ar.mark(10);
ar.read(new byte[10]);
ar.reset();
System.out.println("AR: " + new String(ar.readAllBytes()));
}
{code}
This code will fail with 1.25.0 because mark/release is not supported and
markSupported() is false:
{noformat}
ar.markSupported(): false
Exception in thread "main" java.io.IOException: mark/reset not supported
at java.base/java.io.InputStream.reset(InputStream.java:655)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:62)
{noformat}
With 1.26.0 it will bring this, while markSupported() is true:
{noformat}
ar.markSupported(): true
AR: Test d'indexation de Txt
http://www.a
Exception in thread "main" java.io.IOException: Truncated ar archive
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextArEntry(ArArchiveInputStream.java:281)
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextEntry(ArArchiveInputStream.java:351)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:58)
{noformat}
was (Author: tilman):
{code:java}
ArArchiveInputStream ar = new ArArchiveInputStream(new BufferedInputStream(new
FileInputStream("../testARofText.ar")));
System.out.println("ar.markSupported(): " + ar.markSupported());
ArArchiveEntry aentry;
while ((aentry = ar.getNextEntry()) != null)
{
ar.mark(10);
ar.read(new byte[10]);
ar.reset();
System.out.println("AR: " + new String(ar.readAllBytes()));
}
{code}
This code will fail with 1.25.0 because mark/release is not supported and
markSupported() is false:
{code:java}
ar.markSupported(): false
Exception in thread "main" java.io.IOException: mark/reset not supported
at java.base/java.io.InputStream.reset(InputStream.java:655)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:62)
{code}
With 1.26.0 it will bring this, while markSupported() is true:
ar.markSupported(): true
AR: Test d'indexation de Txt
http://www.a
Exception in thread "main" java.io.IOException: Truncated ar archive
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextArEntry(ArArchiveInputStream.java:281)
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextEntry(ArArchiveInputStream.java:351)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:58)
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
> Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17818898#comment-17818898
]
Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 4:35 PM:
---
Might be this one:
https://github.com/apache/commons-compress/commit/92d382e3cd6f1199340121ee8ad3bdf95f2154d0
FilterInputStream delegates markSupported(), but InputStream returns false. If
I'm right then the solution would be to return false instead of not having
markSupported() in ArchiveInputStream.
was (Author: tilman):
Might be this one:
https://github.com/apache/commons-compress/commit/92d382e3cd6f1199340121ee8ad3bdf95f2154d0
FilterInputStream delegates markSupported(), while InputStream returns false.
If I'm right then the solution would be to return false.
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
> Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17818863#comment-17818863
]
Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 3:30 PM:
---
{code:java}
ArArchiveInputStream ar = new ArArchiveInputStream(new BufferedInputStream(new
FileInputStream("../testARofText.ar")));
System.out.println("ar.markSupported(): " + ar.markSupported());
ArArchiveEntry aentry;
while ((aentry = ar.getNextEntry()) != null)
{
ar.mark(10);
ar.read(new byte[10]);
ar.reset();
System.out.println("AR: " + new String(ar.readAllBytes()));
}
{code}
This code will fail with 1.25.0 because mark/release is not supported and
markSupported() is false:
{code:java}
ar.markSupported(): false
Exception in thread "main" java.io.IOException: mark/reset not supported
at java.base/java.io.InputStream.reset(InputStream.java:655)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:62)
{code}
With 1.26.0 it will bring this, while markSupported() is true:
ar.markSupported(): true
AR: Test d'indexation de Txt
http://www.a
Exception in thread "main" java.io.IOException: Truncated ar archive
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextArEntry(ArArchiveInputStream.java:281)
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextEntry(ArArchiveInputStream.java:351)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:58)
was (Author: tilman):
{code:java}
ArArchiveInputStream ar = new ArArchiveInputStream(new BufferedInputStream(new
FileInputStream("../testARofText.ar")));
System.out.println("ar.markSupported(): " + ar.markSupported());
ArArchiveEntry aentry;
while ((aentry = ar.getNextEntry()) != null)
{
ar.mark(10);
ar.read(new byte[10]);
ar.reset();
System.out.println("AR: " + new String(ar.readAllBytes()));
}
{code}
This code will fail with 1.25.0 because mark/release is not supported. With
1.26.0 it will bring this, while markSupported is true:
ar.markSupported(): true
AR: Test d'indexation de Txt
http://www.a
Exception in thread "main" java.io.IOException: Truncated ar archive
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextArEntry(ArArchiveInputStream.java:281)
at
org.apache.commons.compress.archivers.ar.ArArchiveInputStream.getNextEntry(ArArchiveInputStream.java:351)
at
com.mycompany.maventikaproject.TilmanSevenTest.main(TilmanSevenTest.java:58)
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
> Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17818775#comment-17818775
]
Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 11:56 AM:
I'm working on it
https://github.com/apache/tika/pull/1605
The bug mentioned here is the "harmless" one, it goes away by increasing the
parameter to mark(). However there are more test failures, I'm trying to get
around them.
was (Author: tilman):
I'm working on it
[https://github.com/apache/pdfbox/pull/180]
The bug mentioned here is the "harmless" one, it goes away by increasing the
parameter to mark(). However there are more test failures, I'm trying to get
around them.
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17818775#comment-17818775
]
Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 11:53 AM:
I'm working on it
[https://github.com/apache/pdfbox/pull/180]
The bug mentioned here is the "harmless" one, it goes away by increasing the
parameter to mark(). However there are more test failures, I'm trying to get
around them.
was (Author: tilman):
I'm working on it
[https://github.com/apache/pdfbox/pull/180]
The bug mentioned is the "harmless" one, it goes away by increasing the
parameter to mark. However there are more test failures, I'm trying to get
around them.
> commons-compress 1.26.0 breaks Apache Tika 2.9.1
>
>
> Key: COMPRESS-661
> URL: https://issues.apache.org/jira/browse/COMPRESS-661
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
>Affects Versions: 1.26.0
>Reporter: Alexander Veit
>Priority: Critical
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our
> deployments in order to fix these security vulnerabilities. But unfortunately
> now Apache Tika is broken:
> {noformat}
> org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
> at
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> at
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
> at app//org.apache.tika.Tika.parseToString(Tika.java:525)
> at app//org.apache.tika.Tika.parseToString(Tika.java:495)
> at ...
> Caused by: java.io.IOException: Resetting to invalid mark
> at
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
> at
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
> at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
> ... 42 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
