Hi, https://issues.apache.org/jira/browse/TIKA-4152
We should fix this. This item was created almost 6 months ago, is it possible for someone to take a look at it please? Many thanks Tom On Mon, 16 Oct 2023 at 11:46, Tom Conlon <[email protected]> wrote: > Hi, > Would it be possible for the issue "Fix tika as a service" > https://issues.apache.org/jira/browse/TIKA-4152 > to be reviewed before release? > > Thanks > Tom > > On Mon, 16 Oct 2023 at 11:19, Tim Allison <[email protected]> wrote: > >> Y, I think that issue was raised during early regression tests, and it >> seemed to make sense. >> >> The new readPictures exception was caused by: >> https://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java?r1=1911524&r2=1911525&; >> on August 7. I still can't explain why this didn't show up in the >> regression tests in late September. My only guess is that I didn't >> correctly swap out the tika-app jar version from the bin/ directory. :( >> >> I'm not sure if it is better to arbitrarily set the max override to a >> large value or revert the POI upgrade. >> >> On Sat, Oct 14, 2023 at 7:27 AM Tilman Hausherr <[email protected]> >> wrote: >> >>> Also many changes in excel files, e.g. ZDAC5OCEPVR6AHYY3BU3CZS7UX3F6J4Z, >>> "false: 107382" becomes "0: 107382" so I guess there has been a change >>> about how to interpret that value. Also "error" is now nothing. >>> >>> Tilman >>> >>> On 14.10.2023 13:16, Tim Allison wrote: >>> >>> Looks like we have a bunch of new >>> "org.apache.poi.util.RecordFormatException: Tried to allocate an array of >>> length 10,xxx,xxx, but the maximum length for this record type is >>> 10,000,000." triggered by: >>> org.apache.poi.hslf.usermodel.HSLFSlideShowImpl.readPictures ... I'm not >>> sure why the regression tests didn't pick this up. >>> >>> The changes in rfc822 detection have also had some effects. The few >>> handfuls that I've reviewed are actually positive changes. I'll review >>> systematically on Monday. >>> >>> On Sat, Oct 14, 2023 at 6:35 AM Tim Allison <[email protected]> wrote: >>> >>>> Reports are here: >>>> https://corpora.tika.apache.org/base/reports/tika-2.9.1-reports.tgz >>>> >>>> I haven't had a chance to look at them yet. :( Will take a look early >>>> Monday (ET). >>>> >>>> On Wed, Oct 11, 2023 at 10:24 AM Tim Allison <[email protected]> >>>> wrote: >>>> >>>>> Unless there are objections, I'll kick off the 2.9.1 regression tests >>>>> shortly. I just cherry-picked TIKA-4153 into 2.x...will be interesting to >>>>> see how that works. >>>>> >>>>> Best, >>>>> >>>>> Tim >>>>> >>>>> On Tue, Oct 10, 2023 at 1:37 PM Tim Allison <[email protected]> >>>>> wrote: >>>>> >>>>>> All, >>>>>> Nandita's email didn't go through for some reason. >>>>>> Seems reasonable to kick off a 2.9.1 release cycle? What do you >>>>>> think? >>>>>> >>>>>> Best, >>>>>> >>>>>> Tim >>>>>> >>>>>> >>>>>> >>>>>> *From:* Nandita Mohan >>>>>> *Sent:* Monday, October 9, 2023 3:41 PM >>>>>> *To:* [email protected] >>>>>> *Subject:* Requesting Tika Server release: commons-compress >>>>>> vulnerability >>>>>> >>>>>> >>>>>> >>>>>> Hi there, >>>>>> >>>>>> >>>>>> >>>>>> I work on a service which needs to upgrade our images due to this >>>>>> vulnerability in Apache *commons-compress*: Apache Commons Compress >>>>>> denial of service vulnerability · CVE-2023-42503 · GitHub Advisory >>>>>> Database >>>>>> <https://github.com/advisories/GHSA-cgwf-w82q-5jrr> >>>>>> >>>>>> >>>>>> >>>>>> This is due to use of Tika Server 2.9.0 (Apache Tika – Apache Tika >>>>>> 1.27 <https://tika.apache.org/2.9.0/index.html>), which has >>>>>> commons-compress as a dependency. I saw that Tim Allison recently updated >>>>>> this* commons-compress* version in the Github mirror repo: TIKA-4123 >>>>>> -- general updates for 3.0.0-BETA -- upgrade commons-compress · >>>>>> apache/tika@3c88246 (github.com) >>>>>> <https://github.com/apache/tika/commit/3c882460838c818ab2aff310d1fba9a084fe4800> >>>>>> >>>>>> >>>>>> >>>>>> We would greatly appreciate if this could be released to tika-server >>>>>> package in the next week , so we can update our images soon from this >>>>>> vulnerability. >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Nandita Mohan >>>>>> >>>>> >>>
