Hi Tika Team,
I am looking for clarification on SocketAppender which has impact of CVE-2025-68161 related to log4j
We use the below configuration for Tika logging
log4jTika.xml,
<Console name="CONSOLE_APPENDER" target="SYSTEM_OUT">
<PatternLayout>
<Pattern>"%d{MM/dd/yyyy hh:mm:ss a} %-5p %c{1}:%L - %m%n"</Pattern>
</PatternLayout>
</Console>
<PatternLayout>
<Pattern>"%d{MM/dd/yyyy hh:mm:ss a} %-5p %c{1}:%L - %m%n"</Pattern>
</PatternLayout>
</Console>
As you confirmed that SocketAppender has the impact with the Tika 3.2.3 usage, so I belive using the console logging is till impacted with the CVE-2025-68161.
Can you please provide some information on below yaml file what 3.2.3.r2 stands for, going forward it would be easy to understand meta data info,
Thanks in advance. Appreciate your valuable time and information.
Regards,
Saravanan B
