I just spotted missing security reports on
https://commons.apache.org/proper/commons-compress/security-reports.html
The page appears to be missing (at least) the report of the CVEs fixed in
commons-compress 1.21(CVEs published at 13/7/2021)
Strange to see a reference to the security-reports page
Hi Hans,
Thanks for pointing that out. I had a look at the latest version of that
page in GitHub, and it looks like some CVEs were added post-release:
https://github.com/apache/commons-compress/blob/master/src/site/xdoc/security-reports.xml
I tried building it locally to deploy a new version, but
