ShakyaPr commented on PR #2437: URL: https://github.com/apache/tika/pull/2437#issuecomment-3640947112
Hi @tballison,

Regarding this [CVE-2025-66516](https://github.com/advisories/GHSA-f58c-gq56-vjjf), based on the description,

> First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.

Based on this, do we need to have both `tika-parser-pdf-module` and `tika-core` to be exposed to the issue, or can the problem still appear when only the `detect` method of the Detector class is used? We rely on the `2.x` series of `tika-core` and use the detect method for MIME type validation.
