Looks like an update was released about 2 weeks ago. I wasn't aware of that. I'll update it in main now.
I'll check with the team on the dev list about our next release. Thank you for notifying us. On Tue, Nov 1, 2022 at 2:02 PM Kurz, Fred via user <[email protected]> wrote: > *Categorization: Unclassified * > > Hi: > > > > I hope you can help, or forward this to someone who can. > > > > I am an IT Team Lead at the Canada Revenue Agency (CRA). We are currently > on Tika 1.2x and wanted to upgrade to 2.4.1 but are being blocked by > internal security policies because of the three CVEs impacting it. Version > 2.5.0 still has one of the vulnerabilities (CVE-2022-42003) so we still > can’t upgrade to it either. > > > > When will CVE-2022-42003 be eliminated from Tika 2.5.x? > > > > Thank you, > > Fred Kurz > > > > >
