chore: Upgrade tika for avoid potential security vulnerabilities

2025-12-08 18:26:30 +00:00 · 2025-12-06 11:44:26 +08:00 · 2025-12-06 11:44:26 +08:00 · abcc00f051
commit abcc00f051
parent 4051221b95
3 changed files with 2 additions and 3 deletions
--- a/.trivyignore
+++ b/.trivyignore
@ -1,3 +1,2 @@
 CVE-2024-53299
 CVE-2024-57699
-CVE-2025-66516
--- a/pom.xml
+++ b/pom.xml
@ -672,7 +672,7 @@
 		<groovy.version>3.0.25</groovy.version>
 		<servlet.version>3.1.0</servlet.version>
 		<jackson.version>2.15.0</jackson.version>
-		<tika.version>1.28.3</tika.version>
+		<tika.version>3.2.2</tika.version>
 		<langchain4j.version>1.8.0</langchain4j.version>
 	</properties>
 </project>
--- a/server-plugin/server-plugin-report-markdown/src/main/java/io/onedev/server/plugin/report/markdown/MarkdownReportDownloadResource.java
+++ b/server-plugin/server-plugin-report-markdown/src/main/java/io/onedev/server/plugin/report/markdown/MarkdownReportDownloadResource.java
@ -6,11 +6,11 @@ import io.onedev.commons.utils.LockUtils;
 import io.onedev.server.OneDev;
 import io.onedev.server.service.BuildService;
 import io.onedev.server.service.ProjectService;
+import io.onedev.server.util.IOUtils;
 import io.onedev.server.model.Build;
 import io.onedev.server.model.Project;
 import io.onedev.server.security.SecurityUtils;
 import org.apache.shiro.authz.UnauthorizedException;
-import org.apache.tika.io.IOUtils;
 import org.apache.tika.mime.MimeTypes;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
 import org.apache.wicket.request.resource.AbstractResource;