Page History

...

The Tika project offers some defenses against these denial of service (DoS) vulnerabilities:.  All of these options spawn a forked process to do the actual parsing.

1. The ForkParser – this forks a child process and will protect against OOM and infinite loops.
2. tika-batch – if you are processing files at desktop/vm scale (not cloud scale), you can run tika-batch via tika-app:

   1.  java -jar tika-app.jar -i <input_dir> -o <output_dir>

3. tika-server – server – if you are using tika-server 1.x, start the server with `–spawnChild` with `–spawnChild` mode, and it will fork a child process to do the actual parsing.  In Tika 2.x, that mode is default.

4. Use tika-pipes in Tika 2.x, programmatically, in tika-app with the -a option or in tika-server with the /async or /pipes endpoints.

The Tika project has taken the following steps to identify and fix catastrophic problems:

...