Hi, Our application is using the JDK7 & common compress 1.24 is compatible with it. New 1.26 version is not compatible with the JDK7. Is there a way we can make it compatible?
If not compatible, then custom build with CVE fixes is the only way. I was reviewing the CVEs fixed in the 1.26 version - CVE-2024-25710 : I was able to find a PR which fixed the issue. Is this correct PR ? https://issues.apache.org/jira/browse/COMPRESS-632 https://github.com/apache/commons-compress/commit/8a9a5847c04ae39a1d45b365f8bb82022466067d - CVE-2024-26308 : I could not find the actual fix/PR for this issue. Can anyone help pointing to the actual fix? Could you please review & reply to these queries. Regards, Guru
