Hi, Our CVE scan reports the same CVE-2024-6763 issue for Apache Tika 3.2.3.
The versions of Eclipse Jetty 7.0.0 - 12.0.11 are known to be affected by CVE-2024-6763: https://www.cve.org/CVERecord?id=CVE-2024-6763 As stated, Apache Tika 3.2.3 includes Jetty 11.0.26 Now, Eclipse Jetty 12.0.12 resolves the issue. The latest version of Eclipse Jetty is 12.0.31 So, to resolve this (and other) issues, the security-vulnerable version has to be replaced by the latest version. When will the included version of Jetty be updated in Apache Tika? Greetings Maik On 2025/11/26 11:51:35 Tilman Hausherr wrote: > Hi, > > The current version is 3.2.3 and that one uses 11.0.26. > > Tilman > > Am 26.11.2025 um 12:46 schrieb Saravanan Balakrishnan: > > Thanks for the mail. Is there plan to fix for CVE-2024-6763 > > jetty-http-11.0.25.jar file used in the Tika 3.2.2, > > https://nvd.nist.gov/vuln/detail/cve-2024-6763 > > Regards, > > Saravanan B
