Thanks a lot for the details. So, upgrading from 3.2.2 to 3.2.3 will resolve the CVE-2024-6763 problem.
Regards,
Saravanan B
----- Original message -----
From: "Tilman Hausherr" <[email protected]>
To: [email protected]
Subject: Re: Tika 3.2.2 CVE scan report
Date: Wed, Nov 26, 2025 5:22 PM
- [CAUTION: This email is from outside the organization. Unless you trust the sender, don't click links or open attachments as it may be a phishing email, which can steal your information and compromise your computer.]
Hi,The current version is 3.2.3 and that one uses 11.0.26.TilmanAm 26.11.2025 um 12:46 schrieb Saravanan Balakrishnan:Thanks for the mail. Is there plan to fix for CVE-2024-6763 jetty-http-11.0.25.jar file used in the Tika 3.2.2,Regards,Saravanan B----- Original message -----
From: "Tilman Hausherr" <[email protected]>
To: [email protected]
Subject: Re: Tika 3.2.2 CVE scan report
Date: Wed, Nov 26, 2025 5:05 PM
- [CAUTION: This email is from outside the organization. Unless you trust the sender, don't click links or open attachments as it may be a phishing email, which can steal your information and compromise your computer.]
Hi,That's not our job, that's yours. Especially considering that at least one of this (spring) was answered several times on this mailing list.TilmanAm 26.11.2025 um 12:31 schrieb Saravanan Balakrishnan:Hi Tika team,I have performed initial analysis on the scan report which is attached with this mail as excel.Need your input on the list of CVEs and its impact in Tika 3.2.2, so that we can plan our next build according as well as I will inform to our customer regarding these known issue.Thanks for your valuable time in advance.Regards,Saravanan B
