Hello together, I am Thomas Seiwert and I am working at Rewe as a Software Developer. Why am I contacting you? We are currently using apache commons configuration2 to make apache shiro.ini configuratble per environment using strint interpolation. Our problem: Apache Commons Configuration in version 2.8.0 (which is the current release version) has several vulnerabilities. See https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2/2.8.0<https://urldefense.com/v3/__https:/mvnrepository.com/artifact/org.apache.commons/commons-configuration2/2.8.0__;!!LmobyQ!qkHIm9QLM_7mszl57ldsAdhK73pxW-EdEcdL2rDXWuUfOCd9oLAs8ep4rH582oVEmz489Ps-7DB5OOJMUg7gLTLnq6z1Qg$>. One of them is the apache commons text security issue.
As I have seen you have created a jira ticket for you already. https://issues.apache.org/jira/projects/CONFIGURATION/issues/CONFIGURATION-823?filter=allopenissues<https://urldefense.com/v3/__https:/issues.apache.org/jira/projects/CONFIGURATION/issues/CONFIGURATION-823?filter=allopenissues__;!!LmobyQ!qkHIm9QLM_7mszl57ldsAdhK73pxW-EdEcdL2rDXWuUfOCd9oLAs8ep4rH582oVEmz489Ps-7DB5OOJMUg7gLTLYA6ft9g$> Is there any plan to create a new release with fixed apache commons text version? Can you already think of a date for the release? Thank in Advance Thomas Seiwert
