You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by Ashutosh Singh <as...@gmail.com> on 2017/01/25 02:53:45 UTC

Removing Runtime Execs

Hi,
We are using the Apache Tika Parser and would like to move all the Runtime
Execs out of the code for security purposes. We want to refactor and move
them to tika-external package. This is mainly to not have anyone forking a
process on the servers we run. It is both a security risk and performance
penalty if people start sending email with attachments that require parsing
things that do an execs. I see that there are configs that control some of
it, however it is still not comprehensive. I would like to start a
discussion in this direction.
If you would like to see the proposed code changes please let us know.
Regards,
Ash