[this newsletter is available online at https://s.apache.org/y4t3c]

Welcome August!! -- let's take a look back at what the collective Apache
community has been working on over the past week:

ASF Board – management and oversight of the business affairs of the
corporation in accordance with the Foun

Title: [CVE-2019-10094] StackOverflow from Crafted Package/Compressed
Files in Apache Tika's RecursiveParserWrapper
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache Tika 1.7 to 1.21
Description:
A carefully crafted package/compressed file that, when
unzipped/un

Title: [CVE-2019-10093] Denial of Service in Apache Tika's 2003ml and
2006ml Parsers
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache Tika 1.19 to 1.21
Description:
A carefully crafted 2003ml or 2006ml file could consume all available
SAXParsers in the pool and

Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's
RecursiveParserWrapper
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache Tika 1.7 to 1.21
Description:
A carefully crafted or corrupt zip file can cause an OOM in Apache
Tika's RecursiveParserW

The Apache Tika project is pleased to announce the release of Apache Tika
1.22. The release contents have been pushed out to the main Apache
release site and to the Maven Central sync, so the releases should be
available as soon as the mirrors get the syncs.

Apache Tika is a toolkit for detecting