+1. On a side note, Grype finds a CVE in Mina when I scan the API dist which looks like a false positive:
mina-core 2.2.3 java-archive CVE-2023-35887 Medium https://nvd.nist.gov/vuln/detail/CVE-2023-35887 This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10 If it's a false positive for 2.3.0 and you wrote the description @Emmanuel Lécharny , can you contact NIST about updating it to flag the correct versions? Colm. On Mon, Oct 9, 2023 at 8:15 AM Emmanuel Lécharny <[email protected]> wrote: > > Hi all, > > this is a vote for the release of Apache LDAP API 2.1.5 > > This release is just bumping up some dependencies like MINA 2.2.3, and a > few others. It's needed for the coming release of Apache Directory Server. > > The revision : > > https://github.com/apache/directory-ldap-api/commit/01ac0d7e9c3099331c1cd69b3687db24a64ec1e6 > > The source and binary distribution packages: > https://dist.apache.org/repos/dist/dev/directory/api/2.1.5 > > The staging repository: > https://repository.apache.org/content/repositories/orgapachedirectory-1221/ > > > Please cast your votes: > [ ] +1 Release Apache LDAP API 2.1.5 > [ ] 0 abstain > [ ] -1 Do not release Apache LDAP API 2.1.5 > > > Thanks ! > > > -- > *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 > [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
