Hi all, I've been looking at CVE-2020-9489/tika to find the patch for the same and found the following details so far (after having a word with the upstream maintainer):
The general dependency updates including some with security implications: 171f4343 The fixes for the security items identified in that CVE 0f4d5de0 73b26ef0 e9b2c386 8e2eb052 57193f51 f9607f97 f7f1be6a 333d9906 I feel that the fix is too invasive to backport and should be marked as no-dsa? If someone concurs with me on this, I'd go on and mark this as no-dsa for Jessie. Best, Utkarsh
