!!! [TASK] Remove possibility to download the Tika server binary

This is the follow up of CVE-2025-66516 / CVE-2025-54988 task,
removing possibility to download the Tika server jar file.
The binary of server file is not required anymore within EXT:tika,
due of removement of Tika Server administration Module in TYPO3.
Please use proper DevOps operational style for running Apache Tika server.

### Impact:

Following commands and/or options do not exist anymore:

* `composer tika:download:app`
* `composer tika:download:server`
* `-a, -A, --app-only`
* `-s, -S, --server-only`

Relates: #135

Author: dkd-kaehm

.github/workflows/ci.yml

@@ -2,11 +2,11 @@ name: build
 
 on:
   push:
-    branches: [ 'main', 'release-13.0.x', 'release-12.0.x' ]
+    branches: [ 'main', 'release-13.1.x', 'release-12.1.x' ]
     tags:
       - "**"
   pull_request:
-    branches: [ 'main', 'release-13.0.x', 'release-12.0.x' ]
+    branches: [ 'main', 'release-13.1.x', 'release-12.1.x' ]
 
 env:
   CI_BUILD_DIRECTORY: '/home/runner/work/ext-tika/ext-tika/.Build'

Build/Helpers/download_tika_binaries.sh

@@ -21,16 +21,14 @@ Options:
  -D              <directory>      Directory to save the binaries in. Default: working directory
 
 Flags:
- -a, -A, --app-only               Download Tika app only
- -s, -S, --server-only            Download Tika server only
  -c, -C, --check-signature        Signature Verification
                                     Note: imports Apaches TIKA public keys
 
 Examples:
   $(basename "${COMPOSER_BINARY}") tika:download -- -D /tmp/tika-jars
   $(basename "${COMPOSER_BINARY}") tika:download -- -D /tmp/tika-jars
-  $(basename "${COMPOSER_BINARY}") tika:download -- -D /tmp/tika-jars -C -a
-  $(basename "${COMPOSER_BINARY}") tika:download -- -D /tmp/tika-jars -C -a --tika-version 3.2.3
+  $(basename "${COMPOSER_BINARY}") tika:download -- -D /tmp/tika-jars -C
+  $(basename "${COMPOSER_BINARY}") tika:download -- -D /tmp/tika-jars --check-signature --tika-version 3.2.3
 
 EOF
     exit
@@ -49,8 +47,6 @@ Options:
  -d, -D, --dir     <directory>   Directory to save the binaries in. Default: working directory
 
 Flags:
- -a, -A, --app-only              Download app only
- -s, -S, --server-only           Download server only
  -c, -C, --check-signature       Signature Verification
                                   Note: imports Apaches TIKA public keys
 
@@ -60,23 +56,19 @@ EOF
 # Default values
 TIKA_PATH="$(pwd -P)"
 TIKA_VERSION="${REQUIRED_TIKA_VERSION}"
-APP_ONLY=0
-SERVER_ONLY=0
 
 LONG_OPTS_LIST=(
   "version:"
   "tika-version:"
   "dir:"
-  "app-only"
-  "server-only"
   "check-signature"
   "help"
 )
 
 #echo "$(printf "%s," "${LONG_OPTS_LIST[@]}")"
 #exit
 
-SHORT_OPTS_LIST=":v:V:d:D:aAsScCh"
+SHORT_OPTS_LIST=":v:V:d:D:cCh"
 
 opts=$(getopt \
   --longoptions "$(printf "%s," "${LONG_OPTS_LIST[@]}")" \
@@ -110,26 +102,6 @@ while [[ $# -gt 0 ]]; do
       TIKA_PATH=$2; shift 2
       ;;
 
-    -a)
-      APP_ONLY=1; shift 1
-      ;;
-    -A)
-      APP_ONLY=1; shift 1
-      ;;
-    --app-only)
-      APP_ONLY=1; shift 1
-      ;;
-
-    -s)
-      SERVER_ONLY=1; shift 1
-      ;;
-    -S)
-      SERVER_ONLY=1; shift 1
-      ;;
-    --server-only)
-      SERVER_ONLY=1; shift 1
-      ;;
-
     -c)
       CHECK_SIGNATURE=1; shift 1
       ;;
@@ -246,24 +218,9 @@ if [[ "${CHECK_SIGNATURE}" -eq 1 ]]; then
 fi
 
 EXIT_CODE=0
-if [[ "${APP_ONLY}" -eq 0 ]] && [[ "${SERVER_ONLY}" -eq 0 ]]; then
-  echo "Will download app and server: proceed..."
-  downloadTika "app"
-  EXIT_CODE=$((EXIT_CODE+$?))
-  downloadTika "server-standard"
-  EXIT_CODE=$((EXIT_CODE+$?))
-fi
 
-if [[ "${APP_ONLY}" -eq 1 ]]; then
-  echo "Will download app only: proceed..."
-  downloadTika "app"
-  EXIT_CODE=$((EXIT_CODE+$?))
-fi
-
-if [[ "${SERVER_ONLY}" -eq 1 ]]; then
-  echo "Will download server only: proceed..."
-  downloadTika "server-standard"
-  EXIT_CODE=$((EXIT_CODE+$?))
-fi
+echo "Will download app: proceed..."
+downloadTika "app"
+EXIT_CODE=$((EXIT_CODE+$?))
 
 exit ${EXIT_CODE}

Documentation/Configuration/TikaApp.rst

@@ -27,9 +27,9 @@ Following command will download and verify the integrity of :file:`tika-app-<req
 
 .. code-block:: bash
 
-   composer --working-dir="$(composer config vendor-dir)/apache-solr-for-typo3/tika" tika:download:app -- -C -D /opt/tika
+   composer --working-dir="$(composer config vendor-dir)/apache-solr-for-typo3/tika" tika:download -- -C -D /opt/tika
    # or alternatively, change into the EXT:tika directory and run
-   # composer tika:download:app -- -C -D /opt/tika
+   # composer tika:download -- -C -D /opt/tika
 
 
 Setup EXT:tika for Tika App

Documentation/Configuration/TikaServer.rst

@@ -46,13 +46,13 @@ Open Extension settings for EXT:tika **General** tab and choose **"Tika Server"*
     Extension configuration for EXT:tika - Choosing Server extractor in General tab
 
 
-After that open the **Server** tab and paste the connection infos/datas according fields.
+After that open the **Server** tab and paste the connection infos/data according fields.
 
 
 ..  figure:: /Images/BE_Settings_ExtensionConfiguration_Server.png
     :class: with-shadow
-    :alt: Extension configuration for EXT:tika - Provide the connection infos/datas for Tika Server
+    :alt: Extension configuration for EXT:tika - Provide the connection infos/data for Tika Server
 
-    Extension configuration for EXT:tika - Provide the connection infos/datas for Tika Server
+    Extension configuration for EXT:tika - Provide the connection infos/data for Tika Server
 
 See :ref:`Check if it works <configuration-tika-check>` for test instructions.

Documentation/Releases/13_1.rst

@@ -5,7 +5,7 @@
 Releases 13.1
 =============
 
-Release 13.0.0
+Release 13.1.0
 ==============
 
 We are happy to announce new major version 13.1 of EXT:tika for TYPO3 13 LTS.
@@ -19,6 +19,43 @@ This is security release  including support Apache Tika v. 3.2.3+ and Solr v. 9.
       :php:`$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['skipSecurityChecks'] = true` on your own risk.
       EXT:tika will silently stop work on insecure versions.
 
+
+!!! [FEATURE] Support Apache Tika 3.2.3+ and Solr 9.10.1+ versions only
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This change addresses the CVE-2025-66516 and updates the Tika Server/App to v. 3.2.3+.
+Due of CVE-2025-66516 / CVE-2025-54988, we are droping support for Tika <3.2.2 and Apache Solr <9.10.1.
+See the note on top.
+
+
+!!! [TASK] Remove Tika Server BE Module
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This change removes deprecated and not recommended BE module
+for stopping and starting apache Tika Server.
+
+Please use proper approach for that, consult your Dev-Ops, use Hosted-Solr or Docker.
+
+
+!!! [TASK] Remove possibility to download the Tika server binary
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is the follow up of CVE-2025-66516 / CVE-2025-54988 task,
+removing possibility to download the Tika server jar file.
+The binary of server file is not required anymore within EXT:tika,
+due of removement of Tika Server administration Module in TYPO3.
+Please use proper DevOps operational style for running Apache Tika server.
+
+### Impact:
+
+Following commands and/or options do not exist anymore:
+
+*   :shell:`composer tika:download:app`
+*   :shell:`composer tika:download:server`
+*   :shell:`-a, -A, --app-only`
+*   :shell:`-s, -S, --server-only`
+
+
 All changes:
 ------------
 

composer.json

@@ -33,7 +33,7 @@
     "typo3/cms-reports": "*"
   },
   "require-dev": {
-    "apache-solr-for-typo3/solr": "dev-main",
+    "apache-solr-for-typo3/solr": "13.1.x-dev",
     "dg/bypass-finals": "^1.6",
     "phpstan/phpstan": "^1.12",
     "phpstan/phpstan-phpunit": "^1.4",
@@ -87,10 +87,8 @@
     "tests:setup": "Installs composer dependencies, required for tests.",
     "tests:unit": "Runs unit tests",
 
-    "tika:download": "Download Tika binaries/\".jar\" files. App and Server files.",
-    "tika:download:app": "Download Tika app binariy/\".jar\" file only.",
+    "tika:download": "Download Tika app binariy/\".jar\" file.",
     "tika:download:help": "Prints help from download script.",
-    "tika:download:server": "Download Tika server binariy/\".jar\" file only.",
     "tika:req:solr": "Print required Apache Solr version.",
     "tika:req:tika": "Print required Apache Tika version."
   },
@@ -110,9 +108,7 @@
       "rm -Rf Documentation-GENERATED-temp/ $(readlink -f Documentation.HTML) Documentation.HTML"
     ],
     "tika:download": [ "CALLED_VIA_COMPOSER=1 REQUIRED_TIKA_VERSION=$($COMPOSER_BINARY tika:req:tika) ./Build/Helpers/download_tika_binaries.sh"],
-    "tika:download:app": [ "@tika:download -a" ],
     "tika:download:help": [ "@tika:download -h" ],
-    "tika:download:server": [ "@tika:download -s" ],
     "tika:req:tika": [ "@composer config extra.TYPO3-Solr.ext-tika.require.Tika" ],
     "tika:req:solr": [ "@composer config extra.TYPO3-Solr.ext-tika.require.Solr" ],