4.x is on 1.84. The 4.0.0-alpha-1 release includes that version. On Tue, May 12, 2026 at 2:26 AM Saravanan Balakrishnan < [email protected]> wrote:
> Hello Tika Team, > Below vulnerability CVE-2025-14813, is there any plan to fix the same in > Tika 4.x stream, > > CVE-2025-14813: Description > Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion > of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This > vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR > implementation unable to process more than 255 blocks correctly. This issue > affects BC-JAVA: from 1.59 before 1.84. > > Please check and update. > > Regards, > Saravanan B > >
