Hi everyone,

We are getting a few emails coming in about the recent CVE reports in commons-compress (v1.26.0 release) [1]. poi-ooxml uses commons-compress for reading and writing zip format data, and most modern Microsoft data formats need zip support.

We have tested with the latest commons-compress jars and they work well with POI. If you are using a recent POI release (5.2.x) and want to just upgrade the commons-compress jars yourself, then this should work OK. Give it a test before going into production.

We currently have no plans to do a POI release, especially since users can just upgrade the commons-compress jar themselves.

Regards,
PJ

[1] https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.25.0