On #ApacheTika we're moving entirely to json for configuration in 4.x.
If you use tika-server and are interested in runtime configuration, please take a look and offer feedback:
https://lists.apache.org/thread/jlt8jv47t8tm58dlrnxsrfodxm2d6o0z
Please repost for reach.
⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! https://radar.offseq.com/threat/critical-xxe-bug-cve-2025-66516-cvss-100-hits-apac-d08561e7 #OffSeq #ApacheTika #XXE #Security
🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! https://radar.offseq.com/threat/cve-2025-66516-cwe-611-improper-restriction-of-xml-fa601313 #OffSeq #ApacheTika #XXE #Vuln
RE: https://mastodon.social/@tallison/115452030199746498
Please join me tomorrow, November 13 at noon EST to chat #ApacheTika.
Please dm me for the connection info.
LOL.. given that I'm going to be a remote presenter, I taped my Digital Preservation Bake-off talk last night in case I have wifi-problems during the session.
I really wish conferences would require 3 or 4 videos of the talk before I'm allowed to speak.
In belated celebration of World Digital Preservation Day, I'm throwing a "What's new with Apache Tika/Office hours" meetup at noon on November 13 EST.
This is intended for anyone interested in files from search to digital preservation to file forensics/reverse engineering folks.
https://www.meetup.com/apache-tika-community/events/311746184
If I hosted an #ApacheTika demo/office hours on Thursday, Nov 6 at noon EST, would that time work?
Maybe I should throw a demo/office hours for #ApacheTika on #wdpd2025?
Y, #ApacheTika will extract what the PDF alleges it is.
These are some of the fields that I'll focus on in the #digipresBakeoff #ipres2025 #ipresBakeOff
These include pdf/a and pdf/x. hasMarkedContent suggests PDF/UA.
I recently added fully recursive extraction of embedded files to Apache Tika's commandline.
This will also extract earlier versions of PDFs available through incremental updates.
This feature is still in beta. Let us know what you think.
Details in next toot.
#fileforensics #districtcon #ipres2025
#helpwanted #digipres #fileformatology #ApacheTika
Thank you for sharing! I confirmed that #ApacheTika is correctly throwing an EncryptedDocumentException on that file. 🎉
If different enough from our IRM unit test, would you mind sharing with me, too? :D
I want to make sure that we're correcty flagging these in #ApacheTika
https://github.com/apache/tika/blob/main/tika-parsers/tika-parsers-standard/tika-parsers-standard-modules/tika-parser-pdf-module/src/test/resources/test-documents/testMicrosoftIRMServices.pdf
🧠 Open-source & still evolving:
https://github.com/JohannesRabauer/quanta
What would you add next, smarter summaries, multi-agent explorers, or something wild?
#LangChain4j #Quarkus #Ollama #pgvector #ApacheTika #AI #Java #LLaMA3
Took the day "off" and made some progress on this for #ApacheTika
Files changed: 220 🤣
I think this is the last major change for Tika 4.x.
Moving tika-pipes out of tika-core in #ApacheTika 4.x.
Please take a look and let me know what you think:
I just noticed there are 1.3 million pulls of tika-server on Docker Hub per month.
That's A LOT of files parsed!
Happy parsing!
Just submitted an "Intro to #ApacheTika" talk to DistrictCon, Year 1. 🤞
There will be PDFs!🤣
#districtcon @DistrictCon
https://sessionize.com/districtcon/
#ApacheTika 3.2.3 release candidate #1 is up for vote!
This is a bugfix release that fixes a bug in processing XFA within PDFs via tika-server.
https://lists.apache.org/thread/px1stbwnbgx301y4sg6yxycrmcqt27gf
I just learned about @DistrictCon 's CFP, deadline is Sep 28.
Anyone interested in #ApacheTika for file deep dives?
No matter the answer, please consider submitting your talks!
This one is particularly rewarding for me w.r.t. #ApacheTika.
This shows the CRS trying to trigger a zip slip in our existing unpacker code. It couldn't, so it eventually found the vulnerable harness (and new class) that I added for the competition for this "entry level zip slip" challenge.
