https://bz.apache.org/bugzilla/show_bug.cgi?id=68691
Bug ID: 68691 Summary: CVE-2024-26308 Product: POI Version: 5.2.3-FINAL Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: normal Priority: P2 Component: XSSF Assignee: dev@poi.apache.org Reporter: jorge.mascar...@gmail.com Target Milestone: --- Current version 5.2.5 provides transitive vulnerable dependency org.apache.commons:commons-compress:1.25.0. This vulnerability has been fixed in org.apache.commons:commons-compress:1.26.0 https://mvnrepository.com/artifact/org.apache.commons/commons-compress Therefore, the dependency should be updated to new version to avoid the vulnerability. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org