Hello Commons, As you might know Commons Text recently published a CVE. It seems there is a fair bit of confusion about its severity online, so it seems like a good idea to publish a statement around that on the website.
I've proposed one at https://github.com/apache/commons-text/pull/374 and I'd like to ask for your review & help publishing. Given the issue is getting some attention it might be nice to publish something soon and maybe refine it later ;). I'll also publish it at https://blogs.apache.org/security . I think what would need to happen is: * review and merge https://github.com/apache/commons-text/pull/374 * check out the commit before the merge commit (since that one still has 1.10.0 as the version in the pom.xml) * tag it with something clear, like "commons-text-1.10.0-docs-update"(?) * push the tag * do a 'mvn site:deploy' Much appreciated! Kind regards, Arnout