Hi Stephan,

Two answers.

1) Please list the CVEs that would be fixed. It’s quite possible they have no impact on POI or XMLBeans.
2) Please consider submitting a PR to make the fix. We can always use more contributors and everyone here is a volunteer.

Best,
Dave

> On May 15, 2024, at 2:23 AM, Stefan Bischof <stbisc...@bipolis.org> wrote:
>
> hi,
>
> could you please plan a new release to get rid of CVE from
> apache-commons-compress 1.25.0 -> 1.26.1
>
> bests
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
> For additional commands, e-mail: dev-h...@poi.apache.org