Also many changes in Excel files, e.g. ZDAC5OCEPVR6AHYY3BU3CZS7UX3F6J4Z, "false: 107382" becomes "0: 107382" so I guess there has been a change about how to interpret that value. Also "error" is now nothing.

Tilman

On 14.10.2023 13:16, Tim Allison wrote:
Looks like we have a bunch of new "org.apache.poi.util.RecordFormatException: Tried to allocate an array of length 10,xxx,xxx, but the maximum length for this record type is 10,000,000." triggered by: org.apache.poi.hslf.usermodel.HSLFSlideShowImpl.readPictures ... I'm not sure why the regression tests didn't pick this up.

The changes in rfc822 detection have also had some effects.  The few handfuls that I've reviewed are actually positive changes.  I'll review systematically on Monday.

On Sat, Oct 14, 2023 at 6:35 AM Tim Allison <[email protected]> wrote:

    Reports are here:
    https://corpora.tika.apache.org/base/reports/tika-2.9.1-reports.tgz

    I haven't had a chance to look at them yet. :(  Will take a look
    early Monday (ET).

    On Wed, Oct 11, 2023 at 10:24 AM Tim Allison <[email protected]>
    wrote:

        Unless there are objections, I'll kick off the 2.9.1
        regression tests shortly.  I just cherry-picked TIKA-4153 into
        2.x...will be interesting to see how that works.

        Best,

                   Tim

        On Tue, Oct 10, 2023 at 1:37 PM Tim Allison
        <[email protected]> wrote:

            All,
              Nandita's email didn't go through for some reason.
              Seems reasonable to kick off a 2.9.1 release cycle? 
            What do you think?

                  Best,

                          Tim

            *From:*Nandita Mohan
            *Sent:* Monday, October 9, 2023 3:41 PM
            *To:* [email protected]
            *Subject:* Requesting Tika Server release:
            commons-compress vulnerability

            Hi there,

            I work on a service which needs to upgrade our images due
            to this vulnerability in Apache /commons-compress/: Apache
            Commons Compress denial of service vulnerability ·
            CVE-2023-42503 · GitHub Advisory Database
            <https://github.com/advisories/GHSA-cgwf-w82q-5jrr>

            This is due to use of Tika Server 2.9.0 (Apache Tika –
            Apache Tika 1.27
            <https://tika.apache.org/2.9.0/index.html>), which has
            commons-compress as a dependency. I saw that Tim Allison
            recently updated this /commons-compress/ version in the
            GitHub mirror repo: TIKA-4123 -- general updates for
            3.0.0-BETA -- upgrade commons-compress ·
            apache/tika@3c88246 (github.com)
            <https://github.com/apache/tika/commit/3c882460838c818ab2aff310d1fba9a084fe4800>

            We would greatly appreciate it if this could be released to
            the tika-server package in the next week, so we can update
            our images soon from this vulnerability.

            Thanks,

            Nandita Mohan
