Thanks a lot for the update.
Regards,
Saravanan B
----- Original message -----
From: "Tim Allison" <[email protected]>
To: [email protected]
Subject: Re: CVE-2025-14813
Date: Tue, May 12, 2026 3:19 PM
- [CAUTION: This email is from outside the organization. Unless you trust the sender, don't click links or open attachments as it may be a phishing email, which can steal your information and compromise your computer.]
4.x is on 1.84. The 4.0.0-alpha-1 release includes that version.On Tue, May 12, 2026 at 2:26 AM Saravanan Balakrishnan <[email protected]> wrote:Hello Tika Team,Below vulnerability CVE-2025-14813, is there any plan to fix the same in Tika 4.x stream,CVE-2025-14813: Description
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84.Please check and update.Regards,Saravanan B
