Categorization: Unclassified Hi: I hope you can help, or forward this to someone who can.
I am an IT Team Lead at the Canada Revenue Agency (CRA). We are currently on Tika 1.2x and wanted to upgrade to 2.4.1 but are being blocked by internal security policies because of the three CVEs impacting it. Version 2.5.0 still has one of the vulnerabilities (CVE-2022-42003) so we still can’t upgrade to it either. When will CVE-2022-42003 be eliminated from Tika 2.5.x? Thank you, Fred Kurz
