On Thu, 11 Apr 2024, Tim Allison wrote:
I just excluded joda-time because of this: CVE-2024-23080
https://nvd.nist.gov/vuln/detail/CVE-2024-23080
This is an NPE in joda-time version 2.12.5. That's two versions before the
current...is it actually still in there. And more importantly, an NPE is
not a CVE in Java. People, please.
Have you seen all the rants from the Curl folks?
https://daniel.haxx.se/blog/2024/02/21/disputed-not-rejected/
https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/
Nick
