https://www.apache.org/security/
Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: Roman Wagner <wag...@code-intelligence.com> Sent: Monday, October 10, 2022 4:44:58 PM To: dev@commons.apache.org <dev@commons.apache.org> Subject: RE: Re: [jxpath] reported CVE and path forward Hi all, I am working for Code Intelligence and we did our best to find a maintainer for the oss-fuzz project Unfortunately, we've have failed and got no feedback until now, but It seems to be an unmaintained project except for some typo fixes since some years. I am not sure yet to which mailing list the bug report was send to, but I will check that information with the team. However, I am really happy that there is some interest in fixing the RCE. I have verified the vulnerability and for me it seems to be a valid RCE. @Mark Thomas should we continue to discuss further details via secur...@apache.org? We would like to support the fix process. Best regards Roman