Fixed issues in 7.1.9 SP1 CHF 14
Review the list of fixes shipped in CDP Private Cloud Base version 7.1.9 SP1 CHF 14.
- CDPD-94496: Security vulnerability related to Apache Tika
- This fix addresses a critical XML External Entity (XXE) vulnerability, as described in CVE-2025-66516, in the Apache Tika core and parser modules. This vulnerability could be exploited by using a crafted XFA file within a PDF document.
- Backport of Apache Tika version
- Apache Tika 2.9.4 is now forked, patched, and built internally as 2.9.4.cldr-b21. This applies to NiFi and CFM as well.
Cloudera Search also uses a downstream version of Tika 2.4.1 (2.4.1.cldr-b12), which is patched with the CVE fix.
Common Vulnerabilities and Exposures (CVE) fixed in this CHF:
- CVE-2025-66516 - Apache Tika
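
To confirm after applying the CHF that no older Tika jars remain on a host, the following added example (not Cloudera tooling) inventories Tika jars under a directory and compares them with the two patched builds named above. The jar naming pattern, the install root passed as an argument, and the treatment of later `cldr` builds as patched are assumptions.

```python
import re
import sys
from pathlib import Path

# Downstream builds this release note names as carrying the CVE-2025-66516 fix:
# upstream base version -> cldr build number.
PATCHED = {"2.9.4": 21, "2.4.1": 12}

# Assumption: jars are named tika-<module>-<version>[.cldr-b<N>].jar
JAR_RE = re.compile(r"^(tika-[a-z0-9-]+?)-(\d+\.\d+\.\d+)(?:\.cldr-b(\d+))?\.jar$")


def classify(jar_name):
    """Return 'patched', 'unpatched' or 'review' for a Tika jar, else None."""
    m = JAR_RE.match(jar_name)
    if m is None:
        return None                      # not a Tika jar in the assumed naming
    base, build = m.group(2), m.group(3)
    if base not in PATCHED:
        return "review"                  # version line this note does not cover
    if build is None:
        return "unpatched"               # plain upstream build, no downstream patch
    # Assumption: builds later than the named one also carry the fix.
    return "patched" if int(build) >= PATCHED[base] else "unpatched"


def scan(root):
    """Classify every tika-*.jar under root. Filename check only: copies
    bundled inside other archives (shaded jars) are not detected."""
    findings = []
    for path in sorted(Path(root).rglob("tika-*.jar")):
        status = classify(path.name)
        if status is not None:
            findings.append((str(path), status))
    return findings


def main(argv):
    if len(argv) != 2:
        print("usage: tika_inventory.py <install-root>", file=sys.stderr)
        return 2
    findings = scan(argv[1])
    for path, status in findings:
        print(f"{status:10} {path}")
    return 1 if any(s != "patched" for _, s in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero when any jar is `unpatched` or `review`, so it can gate a post-upgrade check.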
