From 42a1c124fa89354ee99b09e65f7a80f987f73c24 Mon Sep 17 00:00:00 2001
From: Marc Handalian
Date: Thu, 13 Oct 2022 17:09:03 -0700
Subject: [PATCH 1/3] Bump Tika from 2.4.0 to 2.5.0 addressing CVE-2022-33879.
Signed-off-by: Marc Handalian
---
 CHANGELOG.md | 1 +
 plugins/ingest-attachment/build.gradle | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f3d6c2e05553e..bc13f75772056 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -55,6 +55,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bumps `hadoop-hdfs` from 3.3.3 to 3.3.4 ([#4644](https://github.com/opensearch-project/OpenSearch/pull/4644))
 - Bumps `jna` from 5.11.0 to 5.12.1 ([#4656](https://github.com/opensearch-project/OpenSearch/pull/4656))
 - Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) ([#4779](https://github.com/opensearch-project/OpenSearch/pull/4779))
+- Bumps `tika` from 2.4.0 to 2.5.0 ([#]())
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))
 - Use RemoteSegmentStoreDirectory instead of RemoteDirectory ([#4240](https://github.com/opensearch-project/OpenSearch/pull/4240))
diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle
index 8f952f7619ac1..7bf67769cda10 100644
--- a/plugins/ingest-attachment/build.gradle
+++ b/plugins/ingest-attachment/build.gradle
@@ -38,7 +38,7 @@ opensearchplugin { } versions << [ - 'tika' : '2.4.0', + 'tika' : '2.5.0', 'pdfbox': '2.0.25', 'poi' : '5.2.2', 'mime4j': '0.8.3'
From e30a510e2930dfcb01506dbc4a93c3e31711192b Mon Sep 17 00:00:00 2001
From: Marc Handalian
Date: Thu, 13 Oct 2022 17:19:01 -0700
Subject: [PATCH 2/3] Add missing SHAs.
Signed-off-by: Marc Handalian
---
 plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1 | 1 -
 plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1 | 1 +
 .../licenses/tika-langdetect-optimaize-2.4.0.jar.sha1 | 1 -
 .../licenses/tika-langdetect-optimaize-2.5.0.jar.sha1 | 1 +
 .../licenses/tika-parsers-standard-package-2.4.0.jar.sha1 | 1 -
 .../licenses/tika-parsers-standard-package-2.5.0.jar.sha1 | 1 +
 6 files changed, 3 insertions(+), 3 deletions(-)
 delete mode 100644 plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1
 create mode 100644 plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1
 delete mode 100644 plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1
 create mode 100644 plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1
 delete mode 100644 plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1
 create mode 100644 plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1
deleted file mode 100644
index 373b7ec63138a..0000000000000
--- a/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-97b2454943127857a8304319be658d6d7ff4fff1
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1
new file mode 100644
index 0000000000000..419f01c631375
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1
@@ -0,0 +1 @@
+7f9f35e4827726b062ac2b0ad0fd361837a50ac9
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1
deleted file mode 100644
index cf724f4ee1de4..0000000000000
--- a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-57901d6088b0e34999e25af6b363ccec959b5e61
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1
new file mode 100644
index 0000000000000..a9e47ff8a8a86
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1
@@ -0,0 +1 @@
+649574dca8f19d991ac25894c40284446dc5cf50
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1
deleted file mode 100644
index ec03a055a6f6d..0000000000000
--- a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-83522360364a93e819eaec74f393bc56ed1d466a
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
new file mode 100644
index 0000000000000..d648183868034
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
@@ -0,0 +1 @@
+2b9268511c34d8a1098f0565438cb8077fcf845d
\ No newline at end of file
From 97451ca5b61aa747ad55bbd04c116d541a164739 Mon Sep 17 00:00:00 2001
From: Marc Handalian
Date: Thu, 13 Oct 2022 17:35:42 -0700
Subject: [PATCH 3/3] Update changelog with PR info.
Signed-off-by: Marc Handalian
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc13f75772056..c4334d6443a3b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -55,7 +55,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bumps `hadoop-hdfs` from 3.3.3 to 3.3.4 ([#4644](https://github.com/opensearch-project/OpenSearch/pull/4644))
 - Bumps `jna` from 5.11.0 to 5.12.1 ([#4656](https://github.com/opensearch-project/OpenSearch/pull/4656))
 - Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) ([#4779](https://github.com/opensearch-project/OpenSearch/pull/4779))
-- Bumps `tika` from 2.4.0 to 2.5.0 ([#]())
+- Bumps `tika` from 2.4.0 to 2.5.0 ([#4791](https://github.com/opensearch-project/OpenSearch/pull/4791))
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))
 - Use RemoteSegmentStoreDirectory instead of RemoteDirectory ([#4240](https://github.com/opensearch-project/OpenSearch/pull/4240))