On Mon, 13 Oct 2025, Saravanan Balakrishnan wrote:
Hi Tika Team, I am looking for feasible solution for your problem as we are trying to compile branch_2x which has the fix for CVE-2025-54988 PDF XXE,
If you're not able to solve this yourelf, and you're unable to follow Tilman's advice to upgrade to 3.x (which continues to receive security fixes, and thus will have new releases when the inevitable future next issue arrises), there are some companies out there who will offer you commercial support for out-of-date software. The main one who springs to mind (since they sponsored the recent Apache conference!) is HeroDevs.
Maybe give them (or someone like them) a ring to find out how much fully-supported backports with SLAs for your mission-critical software might be?
Nick
