From 36a99104d72c50fff18bbc186f6457efa200b7e6 Mon Sep 17 00:00:00 2001 From: Marc Handalian Date: Fri, 14 Oct 2022 09:37:02 -0700 Subject: [PATCH 1/2] Bump Tika from 2.4.0 to 2.5.0 addressing CVE-2022-33879. (#4791) * Bump Tika from 2.4.0 to 2.5.0 addressing CVE-2022-33879. Signed-off-by: Marc Handalian * Add missing SHAs. Signed-off-by: Marc Handalian * Update changelog with PR info. Signed-off-by: Marc Handalian Signed-off-by: Marc Handalian Signed-off-by: Vacha Shah --- plugins/ingest-attachment/build.gradle | 2 +- plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1 | 1 - plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1 | 1 + .../licenses/tika-langdetect-optimaize-2.4.0.jar.sha1 | 1 - .../licenses/tika-langdetect-optimaize-2.5.0.jar.sha1 | 1 + .../licenses/tika-parsers-standard-package-2.4.0.jar.sha1 | 1 - .../licenses/tika-parsers-standard-package-2.5.0.jar.sha1 | 1 + 7 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1 delete mode 100644 plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1 delete mode 100644 plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle
index 84df58cdf38e7..ee424a415bd1e 100644
--- a/plugins/ingest-attachment/build.gradle
+++ b/plugins/ingest-attachment/build.gradle
@@ -38,7 +38,7 @@ opensearchplugin { } versions << [ - 'tika' : '2.4.0', + 'tika' : '2.5.0', 'pdfbox': '2.0.25', 'poi' : '5.2.2', 'mime4j': '0.8.3'
diff --git a/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1
deleted file mode 100644
index 373b7ec63138a..0000000000000
--- a/plugins/ingest-attachment/licenses/tika-core-2.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-97b2454943127857a8304319be658d6d7ff4fff1
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1
new file mode 100644
index 0000000000000..419f01c631375
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/tika-core-2.5.0.jar.sha1
@@ -0,0 +1 @@
+7f9f35e4827726b062ac2b0ad0fd361837a50ac9
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1
deleted file mode 100644
index cf724f4ee1de4..0000000000000
--- a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-57901d6088b0e34999e25af6b363ccec959b5e61
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1
new file mode 100644
index 0000000000000..a9e47ff8a8a86
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/tika-langdetect-optimaize-2.5.0.jar.sha1
@@ -0,0 +1 @@
+649574dca8f19d991ac25894c40284446dc5cf50
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1
deleted file mode 100644
index ec03a055a6f6d..0000000000000
--- a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-83522360364a93e819eaec74f393bc56ed1d466a
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1 b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
new file mode 100644
index 0000000000000..d648183868034
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/tika-parsers-standard-package-2.5.0.jar.sha1
@@ -0,0 +1 @@
+2b9268511c34d8a1098f0565438cb8077fcf845d
\ No newline at end of file
From bdfeac6e7f991f31063ef2343b4f6bd34f493329 Mon Sep 17 00:00:00 2001 From: Vacha Shah Date: Wed, 26 Oct 2022 06:14:14 +0000 Subject: [PATCH 2/2] Update CHANGELOG Signed-off-by: Vacha Shah --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43aa6c1edff06..d67cc93fc476d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Bump protobuf-java to 3.21.7 in repository-gcs and repository-hdfs ([#4890](https://github.com/opensearch-project/OpenSearch/pull/4890)) - Upgrade netty to 4.1.84.Final ([#4893](https://github.com/opensearch-project/OpenSearch/pull/4893)) - Bump reactor-netty-http to 1.0.24 in repository-azure ([#4920](https://github.com/opensearch-project/OpenSearch/pull/4920)) +- Bump `tika` from 2.4.0 to 2.5.0 ([#4929](https://github.com/opensearch-project/OpenSearch/pull/4929)) ### Changed - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))