Current tikaondotnet version susceptible to multiple security issues

KevM / tikaondotnet

Use the Java Tika text extraction library on the .NET platform

http://kevm.github.io/tikaondotnet/

Apache License 2.0

195 stars 73 forks source link

Current tikaondotnet version susceptible to multiple security issues #127

Open haus opened 5 years ago

haus commented 5 years ago

From looking at the security page on tika's project (https://tika.apache.org/security.html), it looks like there are 10 CVEs that affect Tika < 1.18. The issues range from local files being overwritten, OOMs, infinite loops and other DOS vulnerabilities. It would be awesome to update the tika version under the hood to 1.19.1 to mitigate these issues.

haus commented 5 years ago

(also I'd be happy to help update the tika version)

KevM commented 5 years ago

Awesome. Checkout the docs and submit a PR. https://github.com/KevM/tikaondotnet/blob/master/Developers.md#updating-tika