[Backport 1.x] Bump Tika from 2.4.0 to 2.5.0 addressing CVE-2022-33879 (

#4929) * Bump Tika from 2.4.0 to 2.5.0 addressing CVE-2022-33879. (#4791) * Bump Tika from 2.4.0 to 2.5.0 addressing CVE-2022-33879. Signed-off-by: Marc Handalian <handalm@amazon.com> * Add missing SHAs. Signed-off-by: Marc Handalian <handalm@amazon.com> * Update changelog with PR info. Signed-off-by: Marc Handalian <handalm@amazon.com> Signed-off-by: Marc Handalian <handalm@amazon.com> Signed-off-by: Vacha Shah <vachshah@amazon.com> * Update CHANGELOG Signed-off-by: Vacha Shah <vachshah@amazon.com> Signed-off-by: Marc Handalian <handalm@amazon.com> Signed-off-by: Vacha Shah <vachshah@amazon.com> Co-authored-by: Marc Handalian <handalm@amazon.com>
opensearch-project · Oct 26, 2022 · c3d23ca · c3d23ca
1 parent 7dd9b2a
commit c3d23ca
Show file tree

Hide file tree

Showing 8 changed files with 5 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bump protobuf-java to 3.21.7 in repository-gcs and repository-hdfs ([#4890](https://github.com/opensearch-project/OpenSearch/pull/4890))
 - Upgrade netty to 4.1.84.Final ([#4893](https://github.com/opensearch-project/OpenSearch/pull/4893))
 - Bump reactor-netty-http to 1.0.24 in repository-azure ([#4920](https://github.com/opensearch-project/OpenSearch/pull/4920))
+- Bump `tika` from 2.4.0 to 2.5.0 ([#4929](https://github.com/opensearch-project/OpenSearch/pull/4929))
 
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))

diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle
@@ -38,7 +38,7 @@ opensearchplugin {
 }
 
 versions << [
-  'tika'  : '2.4.0',
+  'tika'  : '2.5.0',
   'pdfbox': '2.0.25',
   'poi'   : '5.2.2',
   'mime4j': '0.8.3'

diff --git a/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1
@@ -0,0 +1 @@
+7f9f35e4827726b062ac2b0ad0fd361837a50ac9
diff --git a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1
@@ -0,0 +1 @@
+649574dca8f19d991ac25894c40284446dc5cf50
diff --git a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
@@ -0,0 +1 @@
+2b9268511c34d8a1098f0565438cb8077fcf845d