This upgrade is already in trunk. On the other hand, I so no need to expedite a
release.
Users control their own builds. They can add explicit dependencies on
commons-compress and use the latest version.
This is a rehash of a previous email thread on this mailing list.
https://lists.apache.or
Hi Stephan,
Two answers.
1) Please list the CVEs that would be fixed. It’s quite possible they have no
impact on POI or XMLBeans.
2) Please consider submitting a PR to make the fix. We can always use more
contributors and everyone here is a volunteer.
Best,
Dave
> On May 15, 2024, at 2:23 AM
hi,
could you please plan a new release to get rid of CVE from
apache-commons-compress 1.25.0 -> 1.26.1
bests
-
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org