From 158873c4fbb7a30cc9360d6d24c733bd1afc6a6a Mon Sep 17 00:00:00 2001
From: Serhii Plyhun <S.Plyhun@gentics.com>
Date: Tue, 10 Sep 2024 15:10:05 +0200
Subject: [PATCH] SUP-17158: Update Tika

---
 LTS-CHANGELOG.adoc | 5 +++++
 bom/pom.xml        | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/LTS-CHANGELOG.adoc b/LTS-CHANGELOG.adoc
index 93ba1c3b48..0b096cbd9b 100644
--- a/LTS-CHANGELOG.adoc
+++ b/LTS-CHANGELOG.adoc
@@ -17,6 +17,11 @@ include::content/docs/variables.adoc-include[]
 The LTS changelog lists releases which are only accessible via a commercial subscription.
 All fixes and changes in LTS releases will be released the next minor release. Changes from LTS 1.4.x will be included in release 1.5.0.
 
+[[v1.10.34]]
+== 1.10.34 (TBD)
+
+icon:check[] Core: Some dependency libraries were updated to target security vulnerabilities: Apache Tika (1.26 -> 1.28.5), Apache Commons-IO (2.7 -> 2.11.0).
+
 [[v1.10.33]]
 == 1.10.33 (28.08.2024)
 
diff --git a/bom/pom.xml b/bom/pom.xml
index d755e12d88..bf304f89e6 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -30,10 +30,11 @@
 		<jackson.version>2.13.2</jackson.version>
 		<jackson-databind.version>2.13.2</jackson-databind.version>
 		<netty.version>4.1.78.Final</netty.version>
-		<tika.version>1.26</tika.version>
+		<tika.version>1.28.5</tika.version>
 		<aws.sdk.version>2.16.83</aws.sdk.version>
 		<snakeyaml.version>1.30</snakeyaml.version>
 		<testcontainers.version>1.19.4</testcontainers.version>
+		<log4j.version>2.17.1</log4j.version>
 	</properties>
 
 	<!-- IMPORTANT: Always keep dependencies in-sync with mesh-plugin-parent pom in order to avoid duplicate libraries in shaded plugin jars -->
@@ -104,7 +105,7 @@
 			<dependency>
 				<groupId>commons-io</groupId>
 				<artifactId>commons-io</artifactId>
-				<version>2.7</version>
+				<version>2.11.0</version>
 			</dependency>
 			<dependency>
 				<groupId>commons-codec</groupId>