RE: CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

2024-02-19 Thread Reftel, Magnus
Hi, Are there any more details on this issue? For instance, under what circumstances would an application that uses the commons-compress library be vulnerable? The subject line hints that the flaw is specific to the Dump format. Is that correct? Are there any options that need to be enabled/dis

RE: Re: CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

2024-02-19 Thread Reftel, Magnus
sue.
>
> The PR you show for a different issue.
>
> Security issues are NOT reported or discussed in public until a fix is
> made available in a release.
>
> Please see:
> - https://commons.apache.org/proper/commons-compress/security.html
> - https://commons.apache.org/security