In the future, please open PRs. We have dependabot and Tilman is meticulous. Nevertheless, the more help we can get, the better.
On Tue, May 12, 2026 at 6:45 AM Saravanan Balakrishnan < [email protected]> wrote: > Thanks a lot for the update. > > Regards, > Saravanan B > > ----- Original message ----- > From: "Tim Allison" <[email protected]> > To: [email protected] > Subject: Re: CVE-2025-14813 > Date: Tue, May 12, 2026 3:19 PM > > > - [CAUTION: This email is from outside the organization. Unless you > trust the sender, don't click links or open attachments as it may be a > phishing email, which can steal your information and compromise your > computer.] > > > > 4.x is on 1.84. The 4.0.0-alpha-1 release includes that version. > > On Tue, May 12, 2026 at 2:26 AM Saravanan Balakrishnan < > [email protected]> wrote: > > Hello Tika Team, > Below vulnerability CVE-2025-14813, is there any plan to fix the same in > Tika 4.x stream, > > CVE-2025-14813: Description > Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion > of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This > vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR > implementation unable to process more than 255 blocks correctly. This issue > affects BC-JAVA: from 1.59 before 1.84. > > Please check and update. > > Regards, > Saravanan B > > > >
