Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2081

Add back 'fileUrl' functionality to TikaJAXRS Server subject to security controls

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.13
    • Fix Version/s: 2.0, 1.14
    • Component/s: server
    • Labels:
    • Environment:

      All versions

      Description

      Add back 'fileUrl' functionality from version 1.9 to TikaJAXRS Server subject to additional security controls:

      disable by default
      only enable if appropriate configuration flags are specified
      when enabled print warning displaying at least CVE ID: CVE-2015-3271.

      as discussed on dev@tika.apache.org mailing list under title "Query on correct use of 'fileUrl' in TikaJAXRS Server to extract document at remote url - my request is not working".

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tallison@apache.org Tim Allison
                Reporter:
                JDL John Dougrez-Lewis
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: