[ANNOUNCE] Apache Tika 1.24 released

2020-03-18 Thread Tim Allison
The Apache Tika project is pleased to announce the release of Apache Tika
1.24. The release contents have been pushed out to the main Apache
release site and to the Maven Central sync, so the releases should be
available as soon as the mirrors get the syncs.

Apache Tika is a toolkit for detecting and extracting metadata and
structured text content from various documents using existing parser
libraries.

Apache Tika 1.24 contains a number of improvements and bug fixes.
Details can be found in the changes file:
https://www.apache.org/dist/tika/CHANGES-1.24.txt

Apache Tika is available on the download page:
https://tika.apache.org/download.html

Apache Tika is also available in binary form or for use using Maven 2
from the Central Repository:
https://repo1.maven.org/maven2/org/apache/tika/

In the initial 48 hours, the release may not be available on all mirrors.
When downloading from a mirror site, please remember to verify the
downloads using signatures found:
https://www.apache.org/dist/tika/KEYS

For more information on Apache Tika, visit the project home page:
https://tika.apache.org/

-- Tim Allison, on behalf of the Apache Tika community


[CVE-2020-1951] Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser

2020-03-18 Thread Tim Allison
Title: [CVE-2020-1951] Infinite Loop (DoS) vulnerability in Apache Tika's
PSDParser

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika 1.0 to 1.23

Description:
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache
Tika's PSDParser in versions 1.0-1.23.


Mitigation:
Apache Tika users should upgrade to 1.24 or later.

Credit:
This issue was discovered by Tim Allison on the Apache Tika team.


[CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser

2020-03-18 Thread Tim Allison
Title: [CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache
Tika's PSDParser

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika 1.0 to 1.23

Description:
A carefully crafted or corrupt PSD file can cause excessive memory usage in
Apache Tika's PSDParser in versions 1.0-1.23.


Mitigation:
Apache Tika users should upgrade to 1.24 or later.


Credit:
This issue was discovered by Pierre Ernst at Elastic.
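
An added inventory check, not part of the original posts or of the Tika project, that flags Tika jars whose version falls in the 1.0 to 1.23 range given by both CVE-2020-1951 and CVE-2020-1950. It assumes Maven-style jar file names; the function names and sample paths are constructed for illustration.

```python
import re
from pathlib import Path

# Range stated in both advisories: Apache Tika 1.0 to 1.23 affected, fixed in 1.24.
FIRST_AFFECTED = (1, 0)
FIXED_IN = (1, 24)

# Assumption: jars keep Maven-style names such as tika-parsers-1.23.jar.
JAR_RE = re.compile(r"^(tika-[a-z]+(?:-[a-z]+)*)-(\d+(?:\.\d+)*)(?:-[\w.]+)?\.jar$")


def parse_version(text):
    """Turn '1.9' into (1, 9) so that 1.9 sorts before 1.23."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (2 - len(parts))  # pad a bare '1' to (1, 0)


def is_affected(version):
    """True when the version is inside the advisories' affected range."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN


def find_affected(jar_paths):
    """Return (path, artifact, version) for every affected Tika jar."""
    hits = []
    for path in jar_paths:
        match = JAR_RE.match(Path(path).name)
        if match and is_affected(match.group(2)):
            hits.append((str(path), match.group(1), match.group(2)))
    return hits


def scan_tree(root):
    """Walk a deployment directory and report affected Tika jars."""
    return find_affected(Path(root).rglob("*.jar"))


# Constructed sample paths, not taken from any real deployment.
SAMPLE = [
    "app/lib/tika-core-1.9.jar",
    "app/lib/tika-parsers-1.23.jar",
    "svc/lib/tika-app-1.24.jar",
    "svc/lib/tika-parsers-1.24.1.jar",
    "old/lib/tika-parsers-0.10.jar",
    "app/lib/commons-io-2.6.jar",
]

if __name__ == "__main__":
    for path, artifact, version in find_affected(SAMPLE):
        print(f"{path}: {artifact} {version} is affected; upgrade to 1.24 or later")
```

File-name matching does not see Tika classes repackaged inside another jar, so a clean result here does not rule out a bundled copy.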