[
https://issues.apache.org/jira/browse/COMPRESS-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18012374#comment-18012374
]
Gary D. Gregory commented on COMPRESS-703:
------------------------------------------
[~mettlecookie]
It's all good. You need to watch out for vendors, especially when they bury the
CVE ID down the report (if they show it at all) and instead promote their
numbering system to provide "value". A lot of them do this, sadly.
> Update org.apache.commons:commons-lang3 to 3.18.0
> -------------------------------------------------
>
> Key: COMPRESS-703
> URL: https://issues.apache.org/jira/browse/COMPRESS-703
> Project: Commons Compress
> Issue Type: Wish
> Reporter: James Cook
> Priority: Minor
> Fix For: 1.28.0
>
>
> Any chance of creating a point release (1.28.1) that includes this:
> [https://github.com/apache/commons-compress/pull/678]
> We have some failing vuln checks that we would like to resolve.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
