For known security vulnerabilities, see: https://tika.apache.org/security.html
Before reporting, please review Tika's security model to understand what is and isn't considered a vulnerability:
The Apache Tika project takes security seriously. We appreciate your efforts to responsibly disclose your findings.
Please do NOT report security vulnerabilities through public GitHub or JIRA issues.
Instead, please report security vulnerabilities privately to the Apache Tika team and to the Apache Security Team:
- Email: security@apache.org
- More information: Apache Security Team
Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Any potential mitigations you've identified
Known vulnerabilities are published at:
We provide security updates for:
| Version | Supported |
|---|---|
| 4.x | ✅ |
| 3.x | ✅ |
| 2.x | ❌ (EOL April 2025) |
| < 2.0 | ❌ |