Hello, in our project, we are using the latest version of Apache Tika Server 3.2.3 (tika-server-standard-3.2.3.jar)
The latest version of Apache Tika Server includes a security-vulnerable version of Eclipse Jetty: $ unzip tika-server-standard-3.2.3.jar -d tika $ cat tika/org/eclipse/jetty/version/build.properties buildNumber=7559873b6e46eea7c2c6da2b58327ea2ecf941f4 timestamp=1755194594457 version=11.0.26 The versions of Eclipse Jetty 7.0.0 - 12.0.11 are known to be affected by CVE-2024-6763: https://www.cve.org/CVERecord?id=CVE-2024-6763 Eclipse Jetty 12.0.12 resolves the issue. The latest version of Eclipse Jetty is 12.0.31 I would like to ask via this channel about plans to update the included version of Jetty in Apache Tika Server. Greetings Maik
