fix(security): upgrade Bouncy Castle 1.81 → 1.84 (CVE-2025-14813)

[mcenkar]

Similar to #35897 but it's still in com.dotcms.tika-25.07.10_lts_v12.jar

Upgrade contains no breaking changes: https://dist.apache.org/repos/dist/release/tika/3.3.1/CHANGES-3.3.1.txt

Can be verified by running ./mvnw -pl :com.dotcms.tika -am dependency:tree -Dincludes=org.bouncycastle

Before:

[INFO] --- dependency:3.6.0:tree (default-cli) @ com.dotcms.tika --- 
[INFO] com.dotcms.core.plugins:com.dotcms.tika:bundle:1.0.0-SNAPSHOT 
[INFO] \- org.apache.tika:tika-parsers-standard-package:jar:3.2.2:runtime
[INFO]    \- org.apache.tika:tika-parser-crypto-module:jar:3.2.2:runtime
[INFO]       +- org.bouncycastle:bcjmail-jdk18on:jar:1.81:runtime
[INFO]       |  \- org.bouncycastle:bcpkix-jdk18on:jar:1.81.1:runtime
[INFO]       |     \- org.bouncycastle:bcutil-jdk18on:jar:1.81.1:runtime
[INFO]       \- org.bouncycastle:bcprov-jdk18on:jar:1.81:runtime

After:

[INFO] --- dependency:3.6.0:tree (default-cli) @ com.dotcms.tika --- 
[INFO] com.dotcms.core.plugins:com.dotcms.tika:bundle:1.0.0-SNAPSHOT 
[INFO] \- org.apache.tika:tika-parsers-standard-package:jar:3.3.1:runtime
[INFO]    \- org.apache.tika:tika-parser-crypto-module:jar:3.3.1:runtime
[INFO]       +- org.bouncycastle:bcjmail-jdk18on:jar:1.84:runtime
[INFO]       |  \- org.bouncycastle:bcpkix-jdk18on:jar:1.84:runtime
[INFO]       |     \- org.bouncycastle:bcutil-jdk18on:jar:1.84:runtime
[INFO]       \- org.bouncycastle:bcprov-jdk18on:jar:1.84:runtime

[dsilvam]

This was already implemented and backported to 25.07.10 LTS. It's available on 25.07.10_lts_v12_6fa7199

[mcenkar]

Hi @dsilvam, it was only partially implemented, in mentioned tag - https://github.com/dotCMS/core/blob/v25.07.10_lts_v12/independent-projects/core-plugins/tika-plugin/pom.xml#L16 - it's still old version of tika - https://mvnrepository.com/artifact/org.apache.tika/tika-parser-crypto-module/3.2.2/dependencies - which pulls old bouncy castle. Also in main branch it's the same, old version.