[ANNOUNCE] Apache Tika 2.1.0 released

2021-08-30 Thread Tim Allison
downloading from a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 2.0.0 released

2021-07-21 Thread Tim Allison
downloading from a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 1.27 released

2021-07-07 Thread Tim Allison
from a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 2.0.0-BETA released

2021-06-01 Thread Tim Allison
mirrors. When downloading from a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser

2021-03-30 Thread Tim Allison
Description: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. Mitigation: Users should upgrade to 1.26 or later. Credit: Apache Tika would like to thank Khaled Nassar for

[ANNOUNCE] Apache Tika 1.26 released

2021-03-29 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 2.0.0-ALPHA released

2021-01-19 Thread Tim Allison
downloading from a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 1.25 released

2020-12-02 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[CVE-2020-9489] Denial of Service (DOS) Vulnerabilities in Some of Apache Tika's Parsers

2020-04-24 Thread Tim Allison
: These vulnerabilities were discovered by Tim Allison on the Apache Tika team.

[ANNOUNCE] Apache Tika 1.24.1 released

2020-04-22 Thread Tim Allison
from a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[CVE-2020-1951] Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser

2020-03-18 Thread Tim Allison
in versions 1.0-1.23. Mitigation: Apache Tika users should upgrade to 1.24 or later. Credit: This issue was discovered by Tim Allison on the Apache Tika team.

[CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser

2020-03-18 Thread Tim Allison
Title: [CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.0 to 1.23 Description: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache

[ANNOUNCE] Apache Tika 1.24 released

2020-03-18 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 1.23 released

2019-12-06 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[CVE-2019-10094] StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper

2019-08-02 Thread Tim Allison
/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21 of Apache Tika. Mitigation: Apache Tika users should upgrade to 1.22 or later. Credit: This issue was discovered by Tim Allison on the Apache Tika team. Many

[CVE-2019-10093] Denial of Service in Apache Tika's 2003ml and 2006ml Parsers

2019-08-02 Thread Tim Allison
and lead to very long hangs. Mitigation: Apache Tika users should upgrade to 1.22 or later. Credit: This issue was discovered by Tim Allison on the Apache Tika team.

[CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper

2019-08-02 Thread Tim Allison
Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.7 to 1.21 Description: A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's

[ANNOUNCE] Apache Tika 1.22 released

2019-08-02 Thread Tim Allison
Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 1.21 released

2019-05-20 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser

2018-12-22 Thread Tim Allison
SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. Mitigation: Apache Tika users should upgrade to 1.20 or later. Credit: This issue was discovered by Tim Allison on the Apache Tika Team.

[ANNOUNCE] Apache Tika 1.20 released

2018-12-22 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[CVE-2018-11796] Apache Tika Denial of Service via XML Entity Expansion Vulnerability

2018-10-09 Thread Tim Allison
CVE-2018-11796: Apache Tika Denial of Service via XML Entity Expansion Vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 0.1 to 1.19 Description: In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing.

[ANNOUNCE] Apache Tika 1.19.1 released

2018-10-09 Thread Tim Allison
on all mirrors. When downloading from a mirror site, please remember to verify the downloads using signatures found on the Apache site: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: https://tika.apache.org/ -- Tim Allison, on behalf

[ANNOUNCE] Apache Tika 1.19 released

2018-09-19 Thread Tim Allison
a mirror site, please remember to verify the downloads using signatures found on the Apache site: https://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: http://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[CVE-2018-8017] Apache Tika Denial of Service Vulnerability -- Potential Infinite Loop in IptcAnpaParser

2018-09-19 Thread Tim Allison
CVE-2018-8017: Apache Tika Denial of Service Vulnerability -- Potential Infinite Loop in IptcAnpaParser Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.2 to 1.18 Description: A carefully crafted file can trigger an infinite loop in Apache Tika's

[CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app

2018-09-19 Thread Tim Allison
file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. Mitigation: Apache Tika users should upgrade to 1.19 or later. Credit: This issue was discovered by Tim Allison on the Apache Tika team.

[CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability

2018-09-19 Thread Tim Allison
CVE-2018-11761: Apache Tika Denial of Service via XML Entity Expansion Vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 0.1 to 1.18 Description: Apache Tika's XML parsers were not configured to limit entity expansion. They were therefore

Fwd: [ANNOUNCE] Apache Tika 1.18 released

2018-04-25 Thread Tim Allison
. When downloading from a mirror site, please remember to verify the downloads using signatures found on the Apache site: http://www.apache.org/dist/tika/KEYS For more information on Apache Tika, visit the project home page: http://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika

[CVE-2018-1335] Command Injection Vulnerability in Apache Tika’s tika-server module

2018-04-25 Thread Tim Allison
Credit: Tim Allison, a member of the Apache Tika team, discovered this.

CVE-2017-12626 – Denial of Service Vulnerabilities in Apache POI < 3.17

2018-01-26 Thread Tim Allison
ich accept content from external or untrusted sources are advised to upgrade to Apache POI 3.17 or newer. -Tim Allison on behalf of the Apache POI PMC [0] https://bz.apache.org/bugzilla/show_bug.cgi?id=61338 [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61294 [2] https://bz.apache.org/bugzi

[ANNOUNCE] Apache Tika 1.17 released

2017-12-13 Thread Tim Allison
://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 1.16 released

2017-07-12 Thread Tim Allison
://tika.apache.org/ -- Tim Allison, on behalf of the Apache Tika community

[ANNOUNCE] Apache Tika 1.15 released

2017-05-30 Thread Tim Allison
not be available on all mirrors. When downloading from a mirror site, please remember to verify the downloads using signatures found on the Apache site: https://people.apache.org/keys/group/tika.asc For more information on Apache Tika, visit the project home page: http://tika.apache.org/ -- Tim