Bug Crush Event - 21/2/2015
Here the Tika announce:
The Apache Tika project is pleased to announce the release of Apache
Tika 2.3.0. The release contents have been pushed out to the main
Apache release site and to the Maven Central sync.
Apache Tika is a toolkit for detecting and extracting metadata and
structured text content from various documents using existing parser
Apache Tika 2.3.0 includes several security upgrades in dependencies,
including an upgrade to log4j2 (version 2.17.1). This release also
includes a non-trivial upgrade to Apache POI 5.2.0 (
will observe significantly more logging from the POI parsers.
Details can be found in the changes file:
We currently still use 1.28 version because since 2.1.0 Tika throws a lot of compile errors. I tried to use 2.3.0 and there is much work. Fortunately we don't rely too much on Tika.
- In security component, only to check *.svg files in SecuredUpload::getMimeTypeFromFileName() and there is another final check in this method.
- In content: DataResourceWorker.getMimeTypeWithByteBuffer::getMimeTypeWithByteBuffer
- is cloned by
OFBIZ-12573 CLONE - [SECURITY] Upgrade Tika to 1.28.1
- relates to
OFBIZ-12626 [SECURITY] Upgrade Tika to 1.28.3
- links to