On 14.11.2025 at 09:31, Saravanan Balakrishnan wrote:
Hi Tika Team,
Please confirm the vulnerabilities listed below, reported for the Tika 2.9.5
snapshot build. Is there any chance of fixing them in the Tika 2.9.5
snapshot build, or what is the impact of these reported CVEs?
Vulnerability ID   Library
CVE-2025-22233   spring-context-5.3.39.jar
used for a one line example
CVE-2024-47554   commons-io-2.7.jar
we use 2.20
CVE-2025-48924   commons-lang3-3.17.0.jar
we use 3.19.0
CVE-2024-45687   grizzly-http-3.0.1.jar
I don't see that this is used, maybe indirectly?
CVE-2024-38820   spring-context-5.3.39.jar
used for a one line example
CVE-2025-8916   bcprov-jdk18on-1.78.jar
we use 1.82
CVE-2020-15250   junit-4.10.jar
That is used for build tests.
CVE-2020-8908   guava-18.0.jar
CVE-2023-2976   guava-18.0.jar
We use 33.5.0-jre
CVE-2025-48924   commons-lang3-3.10.jar
We use 3.19.0
CVE-2025-41242   spring-beans-5.3.39.jar
used for a one line example.
Please don't make such posts before doing a minimum of research. Spring
is used for tika-examples, and junit is for build tests. This isn't
production code.
Tilman
Kindly revert back. Thanks in advance for your valuable time.
Regards,
Saravanan B