Am 27.01.2026 um 15:46 schrieb Saravanan Balakrishnan:
Hello Tika Team,
Please check and more details on the CVE CVE-2025-68161 which is
related to log4j and based on my analysis it is mentioned that its
been fixed in the Tika 3.2.3.r2, refer below screenshot,
Let us know the impact on this CVE in Tika along with that is it
possible to download Tika 3.2.3.r2.
3.2.3 does use that version
https://mvnrepository.com/artifact/org.apache.tika/tika-core/3.2.3/dependencies
However this is about the "socket appender". We log on the console.
Tilman
