Hi! I've recently run some static checkers on 2.5.11, and found a few CVEs in thirdparty. branch-2 still uses thirdparty 4.1.5, which is quite old.
Is there a specific reason why thirdparty wasn't updated on branch-2.x ? If 4.1.6 is for some reason incompatible with branch-2, we should still release something that fixes the CVEs on branch-2. (Maybe 4.1.5.x ?) Istvan
