Hi all,

I am working for Code Intelligence and we did our best to find a maintainer for the oss-fuzz project. Unfortunately, we have failed and got no feedback until now, but it seems to be an unmaintained project except for some typo fixes for some years. I am not sure yet which mailing list the bug report was sent to, but I will check that information with the team.
However, I am really happy that there is some interest in fixing the RCE. I have verified the vulnerability and for me it seems to be a valid RCE. @Mark Thomas, should we continue to discuss further details via secur...@apache.org? We would like to support the fix process.

Best regards,
Roman