All, I'd like to thank Tobias (bcc'd) publicly on our list for his help identifying numerous DoS vulnerabilities in Apache Tika and in several of our dependencies. We've fixed a few of these in 1.18 and quite a few more in our recent 1.19 release.
You can see Tobias is on our leader board here: http://tika.apache.org/security.html :) Tobias recently posted this great blog post on his work: https://www.modzero.ch/modlog/archives/2018/09/20/java_bugs_with_and_without_fuzzing/index.html Thank you, Tobias! Cheers, Tim P.S. Please let us know what else you find! :D
