Hi,

We are getting reports from JFrog Xray vulnerability scanner that seem to be related to recently fixed OSS-Fuzz issues:

* Summary: Apache Commons Compress archivers/zip/ZipFile.java ZipFile::readCentralDirectoryEntry() Function Uncaught Exception DoS
  Severity: High
* Summary: Apache Commons Compress archivers/tar/TarArchiveEntry.java TarArchiveEntry::processPaxHeader() Function Uncaught Runtime Exception DoS
  Severity: High

In the previous thread it was said that none of the fuzzer findings were deemed security issues. Were these incorrectly flagged by the vulnerability scanner?

I'd be curious to know if there is a planned date for commons-compress 1.21?

Best regards
Tero