Apache Tika has been updated to version 2.3.0. This major update from Tika 1.26 is necessary to update Apache POI to fix security issue CVE-2022-2633. An update of Apache Tika is also necessary because Tika 1.x is end of life, and will not receive security updates after September 2022 anymore.

As part of this change, the following transitive dependencies of Apache Tika have been updated to match versions used by Tika.

If you use these libraries in project code, please check their respective release notes for changes and upgrade information. No changes were necessary in the CoreMedia Blueprint for these updates.

Apache Tika restructured its Maven artifacts and split up the tika-parsers artifact from previous versions into separate artifacts. If you use Tika in project code, you may have to adapt Maven dependencies accordingly.

Apache Tika also removed some deprecated metadata keys (TIKA-1974). If you have configured the Content Feeder or CAE Feeder to extract metadata values with configuration properties feeder.tika.append-metadata or feeder.tika.copy-metadata , then make sure that the configured metadata keys are still supported by Tika. You can find metadata keys supported by Tika in its API documentation, for example in interface org.apache.tika.metadata.TikaCoreProperties .

(CMS-21292)