Hello, In the release history 2.8 is marked as “minor update” and I don’t find mentioning of the critical interpolation CVE, should we add to the table and announcements this CVE and do we need a security section as well?
https://commons.apache.org/proper/commons-configuration/changes-report.html Gruss Bernd -- http://bernd.eckenfels.net
