Thanks a lot for the reply. Are there any changes/plan to release Tika 2.x release with this (CVE-2025-54988) fix like 2.9.5.
Regards,
Saravanan B
----- Original message -----
From: "Tilman Hausherr" <[email protected]>
To: [email protected]
Subject: Re: Security fix CVE-2025-54988 port to Tika 2.9.4
Date: Fri, Sep 26, 2025 3:24 PM
- [CAUTION: This email is from outside the organization. Unless you trust the sender, don't click links or open attachments as it may be a phishing email, which can steal your information and compromise your computer.]
Update to 3.2.3. Or are you asking for the specific commit because you want to stay with 2.* ? In that later case, the 2.* repository branch contains the fix, but there won't be a 2.9.4 release. But you can download the source and build locally.TilmanAm 25.09.2025 um 15:37 schrieb Saravanan Balakrishnan:Hello All,We are running into a problem that fix for CVE-2025-54988 is went in Tika 3.2.2 and we have a limitation to upgrade Tika 3.2.2 in our product's earlier version. Kindly look for feasibility to port fix for "CVE-2025-54988" which went in Tika 3.2.2 in Tika 2.9.4 would be great.Thanks in advance.Regards,Saravanan B
