On a separate note, if you're upgrading from 1.x to 2.x, make sure your devs see: https://cwiki.apache.org/confluence/display/TIKA/Migrating+to+Tika+2.0.0, especially the Metadata section.
On Tue, Nov 1, 2022 at 2:53 PM Kurz, Fred via user <[email protected]> wrote: > *Categorization: Unclassified * > > Hi Tim: > > Thanks for the prompt response! It’s good to know the fix is coming. > > Thanks, > > Fred > > On 2022/11/01 18:32:31 Tim Allison wrote: > > Looks like an update was released about 2 weeks ago. I wasn't aware of > > that. I'll update it in main now. > > > > I'll check with the team on the dev list about our next release. > > > > Thank you for notifying us. > > > > On Tue, Nov 1, 2022 at 2:02 PM Kurz, Fred via user < > [email protected]> > > wrote: > > > > > *Categorization: Unclassified * > > > > > > Hi: > > > > > > > > > > > > I hope you can help, or forward this to someone who can. > > > > > > > > > > > > I am an IT Team Lead at the Canada Revenue Agency (CRA). We are > currently > > > on Tika 1.2x and wanted to upgrade to 2.4.1 but are being blocked by > > > internal security policies because of the three CVEs impacting it. > Version > > > 2.5.0 still has one of the vulnerabilities (CVE-2022-42003) so we > still > > > can’t upgrade to it either. > > > > > > > > > > > > When will CVE-2022-42003 be eliminated from Tika 2.5.x? > > > > > > > > > > > > Thank you, > > > > > > Fred Kurz > > > > > > > > > > > > > > > > > >
