[
https://issues.apache.org/jira/browse/SOLR-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653585#comment-16653585
]
Tim Allison commented on SOLR-12423:
------------------------------------
Would a Solr committer be willing to help with this?
Tika 1.19.1 fixes ~8 oom/infinite loop vulnerabilities:
https://tika.apache.org/security.html
> Upgrade to Tika 1.19.1 when available
> -------------------------------------
>
> Key: SOLR-12423
> URL: https://issues.apache.org/jira/browse/SOLR-12423
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Tim Allison
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> In Tika 1.19, there will be the ability to call the ForkParser and specify a
> directory of jars from which to load the classes for the Parser in the child
> processes. This will allow us to remove all of the parser dependencies from
> Solr. We’ll still need tika-core, of course, but we could drop tika-app.jar
> in the child process’ bin directory and be done with the upgrade... no more
> fiddly dependency upgrades and threat of jar hell.
> The ForkParser also protects against ooms, infinite loops and jvm crashes.
> W00t!
> This issue covers the basic upgrading to 1.19.1. For the migration to the
> ForkParser, see SOLR-11721.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
