[jira] [Updated] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[ https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tilman Hausherr updated COMPRESS-661: - Attachment: testARofText.ar > commons-compress 1.26.0 breaks Apache Tika 2.9.1 > > > Key: COMPRESS-661 > URL: https://issues.apache.org/jira/browse/COMPRESS-661 > Project: Commons Compress > Issue Type: Bug > Components: Compressors >Affects Versions: 1.26.0 >Reporter: Alexander Veit >Priority: Critical > Attachments: testARofText.ar > > > Apache Commons Compress 1.26.0 fixes > * https://www.cve.org/CVERecord?id=CVE-2024-25710 and > * https://www.cve.org/CVERecord?id=CVE-2024-26308. > We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our > deployments in order to fix these security vulnerabilities. But unfortunately > now Apache Tika is broken: > {noformat} > org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from > org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910 > at > app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304) > at > app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) > at > app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203) > at app//org.apache.tika.Tika.parseToString(Tika.java:525) > at app//org.apache.tika.Tika.parseToString(Tika.java:495) > at ... > Caused by: java.io.IOException: Resetting to invalid mark > at > java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446) > at > org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97) > at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) > ... 42 more > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1
[ https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alexander Veit updated COMPRESS-661: Description: Apache Commons Compress 1.26.0 fixes * https://www.cve.org/CVERecord?id=CVE-2024-25710 and * https://www.cve.org/CVERecord?id=CVE-2024-26308. We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our deployments in order to fix these security vulnerabilities. But unfortunately now Apache Tika is broken: {noformat} org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910 at app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304) at app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) at app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203) at app//org.apache.tika.Tika.parseToString(Tika.java:525) at app//org.apache.tika.Tika.parseToString(Tika.java:495) at ... Caused by: java.io.IOException: Resetting to invalid mark at java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446) at org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97) at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) ... 42 more {noformat} was: Apache Commons Compress 1.26.0 fixes * https://www.cve.org/CVERecord?id=CVE-2024-25710 and * https://www.cve.org/CVERecord?id=CVE-2024-26308. We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our deployments in order to fix these security vulnerabilities. But unfortunately now Apache Tika is broken: {code:text} org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910 at app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304) at app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) at app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203) at app//org.apache.tika.Tika.parseToString(Tika.java:525) at app//org.apache.tika.Tika.parseToString(Tika.java:495) at ... Caused by: java.io.IOException: Resetting to invalid mark at java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446) at org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97) at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) ... 42 more {code} > commons-compress 1.26.0 breaks Apache Tika 2.9.1 > > > Key: COMPRESS-661 > URL: https://issues.apache.org/jira/browse/COMPRESS-661 > Project: Commons Compress > Issue Type: Bug > Components: Compressors >Affects Versions: 1.26.0 >Reporter: Alexander Veit >Priority: Critical > > Apache Commons Compress 1.26.0 fixes > * https://www.cve.org/CVERecord?id=CVE-2024-25710 and > * https://www.cve.org/CVERecord?id=CVE-2024-26308. > We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our > deployments in order to fix these security vulnerabilities. But unfortunately > now Apache Tika is broken: > {noformat} > org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from > org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910 > at > app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304) > at > app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) > at > app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203) > at app//org.apache.tika.Tika.parseToString(Tika.java:525) > at app//org.apache.tika.Tika.parseToString(Tika.java:495) > at ... > Caused by: java.io.IOException: Resetting to invalid mark > at > java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446) > at > org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97) > at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) > ... 42 more > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)