Re: [HELP NEEDED] Please test 2.6.0-SNAPSHOT

2023-11-08 Thread Alexandre Vermeerbergen
At this moment that's the CVE which I found using Storm 2.6.0 snapshot 20231102. And since there's a commons-text-1.11.0.jar available, I guess we should directly jump to this version.
On Thu, Nov 9, 2023 at 08:49, Alexandre Vermeerbergen wrote:
> > Yet another finding on my side to "not call y

Re: [HELP NEEDED] Please test 2.6.0-SNAPSHOT

2023-11-08 Thread Richard Zowalla
Maybe just run grype [1] on the lib directories and post the output on the list / thread, so we can create tickets for it. There might be some false positives but will give good insights.
Regards, Richard
[1] https://github.com/anchore/grype
On Thursday, 09.11.2023 at 08:49 +0100, Alexa

Re: [HELP NEEDED] Please test 2.6.0-SNAPSHOT

2023-11-08 Thread Alexandre Vermeerbergen
Yet another finding on my side to "not call yet for vote on a Storm 2.6.0", we have some CVEs and we shouldn't release a version having known CVEs. For example, we have
find . -name "commons-text*jar" -print
./lib-webapp/commons-text-1.9.jar
./external/storm-autocreds/commons-text-1.10.0.jar
The