Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
1.26.0
-
None
Description
Apache Commons Compress 1.26.0 fixes
- https://www.cve.org/CVERecord?id=CVE-2024-25710 and
- https://www.cve.org/CVERecord?id=CVE-2024-26308.
We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our deployments in order to fix these security vulnerabilities. But unfortunately now Apache Tika is broken:
org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
at app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
at app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
at app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
at app//org.apache.tika.Tika.parseToString(Tika.java:525)
at app//org.apache.tika.Tika.parseToString(Tika.java:495)
at ...
Caused by: java.io.IOException: Resetting to invalid mark
at java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
at org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
... 42 more
Attachments
Attachments
Issue Links
- is related to
-
-
- Resolved
-
- relates to
-
COMPRESS-670 Support mark() and reset() in ArchiveInputStream
-
- Open
-