Hi, On Wed, Mar 13, 2024 at 7:16 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
> Hi folks, > > Recently, we upgraded to commons-compress 1.26.0 (on main). > commons-compress 1.26.0 fixes several CVEs (CVE-2024-25710, > CVE-2024-26308, CVE-2023-42503). > > Would it be possible to release Avro 1.11.4 (that will include > commons-compress update) ? > Actually a few weeks ago there was a proposal to release 1.12.0! https://lists.apache.org/thread/b8p8jkxx8f23yrss14q0y0ptdlttnxp4 > > I can help on the release if there are no objections. > Thanks ! > Regards > JB >
