Make upgrade docs clearer that you have to start running a Tika service, and how to configure the connection to it

Author: davisagli

docs/docs/how-to-guides/upgrade-cve-2025-66516.md

@@ -21,21 +21,23 @@ CVE-2025-66516 is a critical XML External Entity (XXE) vulnerability in Apache T
 
 ## Users on the Vanilla kitconcept.solr Image
 
-**No configuration changes are required on your end.**
-
 You are using the vanilla image if your Docker Compose configuration references:
 
 ```yaml
 solr:
   image: ghcr.io/kitconcept/solr
 ```
 
-Simply pull the new Docker image and restart your services. The updated image includes:
+You will need to start running the Tika server as a separate service.
+Check the project's `docker-compose.yml` for the current reference configuration.
+
+Then pull the new `ghcr.io/kitconcept/solr` image and restart your services. The updated image includes:
 
 - Solr 9.10 with the `extraction` module enabled
-- External Tika 3.2.3 server (patched against CVE-2025-66516)
+- Configuration to use an external Tika 3.2.3 server (patched against CVE-2025-66516)
 
-If you're using Docker Compose, you may need to update your stack configuration to include the new Tika service. Check the project's `docker-compose.yml` for the current reference configuration.
+By default, Solr will connect to the Tika server at http://tika:9998
+You can override this using the `solr.tika.url` environment variable.
 
 ## Users with Custom Solr Images
 

news/+fix-tikka-sec-vulnerability.bugfix

@@ -1 +1,2 @@
-Upgrade to Solr 9.10 with external Tika server 3.2.3 to fix CVE-2025-66516. @reebalazs
+Upgrade to Solr 9.10 with external Tika server 3.2.3 to fix CVE-2025-66516.
+See docs/docs/how-to-guides/upgrade-cve-2025-66516.md for details. @reebalazs