Sure, please open an issue on https://github.com/apache/incubator-tuweni/issues <https://github.com/apache/incubator-tuweni/issues> and send a patch.
Cheers! Antoine > On Mar 1, 2022, at 10:59 PM, Stefan Pingel > <[email protected]> wrote: > > Hi Devs, > a user of Hyperledger Besu notified us that one of the dependencies of > Tuweni (tuweni-toml) uses icu4j version 61.1, which has a vulnerability ( > CVE-2018-18928). The tuweni dependency is antlr4 version 4.7.1. antlr4 > version 4.9.3 is available ( > https://mvnrepository.com/artifact/org.antlr/antlr4/4.9.3) which uses a > newer version of icu4j. > Would it be possible to get this updated and released please? > > Thank you, > Stefan > > Senior Protocol Engineer > > [email protected] | Brisbane, Australia > We're Hiring <https://grnh.se/1f9e9cdf1us> | > https://www.linkedin.com/in/stefan-pingel//
