Hi Tika Team,
I am looking for feasible solution for your problem as we are trying to compile branch_2x which has the fix for CVE-2025-54988 PDF XXE,
- We have few restrictions on compiling in our build room, we easy way to compile only the affected class files in that branch to get the fix into our build.
- Is there are way to compile only affected folders alone and use the class files in the 2.9.4 jar file, which is released. All we need is to get that fix into 2.9.4 without full compilation.
- When we compile tika-server-standard does it download dependent jar/class files while compiling as our build system doesn't have external access to download dependent files if any. If you could provide some light on this to compile very minimal without downloading jars/classes.
- Is it possible to compile from your end and share it us, I mean branch_2x which creates 2.9.5.
Our customers are very keen to get this fixed ASAP. Kindly provide best possible solution to get the vulnerability fix for 2.x release.
We appreciate your valuable time and response.
Regards,
Saravanan B
