[jira] [Commented] (COMPRESS-703) Update org.apache.commons:commons-lang3 to 3.18.0

Gary D. Gregory (Jira) Wed, 06 Aug 2025 03:26:19 -0700


    [ 
https://issues.apache.org/jira/browse/COMPRESS-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18012337#comment-18012337
 ]


Gary D. Gregory commented on COMPRESS-703:
------------------------------------------

I wouldn't rely on anything that link says, it's obviously wrong.

The fix is in 1.28.0.

Git, the JAR, and the CVE is the truth: 

[https://nvd.nist.gov/vuln/detail/CVE-2025-48924]

[https://search.maven.org/artifact/org.apache.commons/commons-compress/1.28.0/jar]

 

 

> Update org.apache.commons:commons-lang3 to 3.18.0
> -------------------------------------------------
>
>                 Key: COMPRESS-703
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-703
>             Project: Commons Compress
>          Issue Type: Wish
>            Reporter: James Cook
>            Priority: Minor
>             Fix For: 1.29.0
>
>
> Any chance of creating a point release (1.28.1) that includes this: 
> [https://github.com/apache/commons-compress/pull/678]
> We have some failing vuln checks that we would like to resolve.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (COMPRESS-703) Update org.apache.commons:commons-lang3 to 3.18.0

Reply via email to