If you read the CVE, especially "Known affected configuration", you'll see that the issue was fixed in 1.26.0.

Gary

On Wed, Mar 13, 2024, 9:22 AM Puneet Samaiya <psama...@tjc-group.com.invalid> wrote:

> Hello There,
>
> We've identified a vulnerability in our code related to
> commons-compress-1.21.jar (expected version 1.26.0). It's worth noting that
> this is a transitive dependency and not a direct one.
>
> To address this issue, we kindly request an upgrade to version
> org.apache.commons:commons-compress:1.26.0. Additional information about
> the vulnerability can be found at the following CVE link: CVE-2024-25710
> <https://www.cve.org/CVERecord?id=CVE-2024-25710>.
>
> For your convenience, I have attached the relevant pom file containing all
> dependencies. If you have any insights or resolutions to offer, we would
> greatly appreciate your guidance. Alternatively, if there is another
> preferred channel for reporting such issues, please advise accordingly.
>
> Thank you for your attention to this matter, and we look forward to your
> guidance.
>
> Thanks and Best Regards
>
> Puneet Samaiya
> Senior Test Engineer @ TJC‑Group INDIA