Skip to content

Get rid of tika core #3169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
baev merged 2 commits into from
Dec 10, 2025
Merged

Get rid of tika core #3169

baev merged 2 commits into from
Dec 10, 2025

Conversation

@baev
Copy link
Member

@baev baev commented Dec 9, 2025
edited
Loading

Context

Apache Tika has an XXE vulnerability, and the fixed version of tika-core requires Java 11. Since we only use a content type detector from tika-core, and it has already been ported to TypeScript in Allure 3, it seems like a good idea to remove tika-core in Allure 2 as well.

Please note: Allure is not affected by this vulnerability!

Checklist

@baev baev added type:security Security vulnerability or fix type:dependencies Pull requests that update a dependency and removed type:security Security vulnerability or fix labels Dec 9, 2025
@DineshKumarRA DineshKumarRA mentioned this pull request Dec 10, 2025
Closed
2 tasks
@baev baev merged commit 570fd81 into main Dec 10, 2025
18 checks passed
@baev baev deleted the get-rid-tika-core branch December 10, 2025 12:46
@baev baev mentioned this pull request Dec 10, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pratushnyi pratushnyi pratushnyi approved these changes

Assignees

No one assigned

Labels

theme:build theme:generator type:dependencies Pull requests that update a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@baev @pratushnyi