malliaridis opened a new pull request, #3674: URL: https://github.com/apache/solr/pull/3674
https://issues.apache.org/jira/browse/SOLR-17888 # Description With Apache Tika being strongly outdated, we have several CVEs reported in the extraction and langid modules. # Solution This PR upgrade Apache Tika to 3.2.3 and some depencies that were included as transitive dependencies with Tika (log4j and commons-io). Please note that forbidden-api is currently missing the commons-io 2.20.0 signatures and therefore a bypass is added to this PR. Therefore two additional tasks were added (see pending changes below). The PR introduces breaking changes (therefore backporting should probably be avoided). Apache Tika 2 and 3 standardized the metadata fields, which affect the returned fields. You can see some of the fields that are affected in the changed tests. More can be found in the [migration guide of Apache Tika](https://cwiki.apache.org/confluence/display/TIKA/Migrating+to+Tika+2.0.0). # Tests Tests were only updated to work with new Tika version. # Checklist Please review the following and check all that apply: - [ ] I have reviewed the guidelines for [How to Contribute](https://github.com/apache/solr/blob/main/CONTRIBUTING.md) and my code conforms to the standards described there to the best of my ability. - [ ] I have created a Jira issue and added the issue ID to my pull request title. - [ ] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation) - [ ] I have developed this patch against the `main` branch. - [ ] I have run `./gradlew check`. - [ ] I have added tests for my changes. - [ ] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide) # Pending Changes - [ ] Update transitive dependencies log4j and commons-io before merging this PR - [ ] Update forbidden-apis before merging - [ ] Remove suppression rules for forbidden-apis from gradle script -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
