Hi Devs, I have a created an Issue ( https://github.com/apache/incubator-tuweni/issues/373) and a PR ( https://github.com/apache/incubator-tuweni/pull/374) to fix the issue. I'd really appreciate if we could merge that PR and then create a patch release to get that fixed.
Thank you, Stefan Senior Protocol Engineer [email protected] | Brisbane, Australia We're Hiring <https://grnh.se/1f9e9cdf1us> | https://www.linkedin.com/in/stefan-pingel// ---------- Forwarded message --------- From: Stefan Pingel <[email protected]> Date: Wed, Mar 2, 2022 at 4:59 PM Subject: CVE-2018-18928 To: <[email protected]> Hi Devs, a user of Hyperledger Besu notified us that one of the dependencies of Tuweni (tuweni-toml) uses icu4j version 61.1, which has a vulnerability ( CVE-2018-18928). The tuweni dependency is antlr4 version 4.7.1. antlr4 version 4.9.3 is available ( https://mvnrepository.com/artifact/org.antlr/antlr4/4.9.3) which uses a newer version of icu4j. Would it be possible to get this updated and released please? Thank you, Stefan Senior Protocol Engineer [email protected] | Brisbane, Australia We're Hiring <https://grnh.se/1f9e9cdf1us> | https://www.linkedin.com/in/stefan-pingel//
