Thanks for the info. If you could provide some info on 3.2.3.r2 advisories yaml file
Regards,
Saravanan B
----- Original message -----
From: "Tilman Hausherr" <[email protected]>
To: [email protected]
Subject: Re: Tika 3.2.3 SocketAppender - CVE-2025-68161
Date: Thu, Feb 5, 2026 3:43 PM
- [CAUTION: This email is from outside the organization. Unless you trust the sender, don't click links or open attachments as it may be a phishing email, which can steal your information and compromise your computer.]
Hi,By your own admission you're using the console appender, not the socket apppender. And I didn't write that "SocketAppender has the impact with the Tika 3.2.3 usage", I wrote that we use that version, but not that feature.TilmanAm 05.02.2026 um 08:14 schrieb Saravanan Balakrishnan:Hi Tika Team,I am looking for clarification on SocketAppender which has impact of CVE-2025-68161 related to log4jWe use the below configuration for Tika logginglog4jTika.xml,<Console name="CONSOLE_APPENDER" target="SYSTEM_OUT">
<PatternLayout>
<Pattern>"%d{MM/dd/yyyy hh:mm:ss a} %-5p %c{1}:%L - %m%n"</Pattern>
</PatternLayout>
</Console> As you confirmed that SocketAppender has the impact with the Tika 3.2.3 usage, so I belive using the console logging is till impacted with the CVE-2025-68161. Can you please provide some information on below yaml file what 3.2.3.r2 stands for, going forward it would be easy to understand meta data info, https://github.com/wolfi-dev/advisories/blob/main/apache-tika-3.2.advisories.yaml Thanks in advance. Appreciate your valuable time and information. Regards, Saravanan B
