On Mon, 2023-02-13 at 13:54 -0800, Ryan Schmitt wrote: > I'm sending this along on behalf of a colleague who is having trouble > getting through to the distribution list. > > ---- > > Hi Apache client developers, > > It looks like the org.brotli.dec dependency was updated upstream for > three > years after the final version was published in Maven Central [1], > including > fixing CVEs [2]. Is this a good dependency for the Apache Client [3]? >
I am not sure anyone of us can give an answer to that question. Oleg > Aaron > > [1] https://mvnrepository.com/artifact/org.brotli/dec > [2] https://github.com/google/brotli/releases/tag/v1.0.9 > [3] > https://github.com/apache/httpcomponents-client/blob/3805eb6a588d88ba8662c95ac349b5d8612dfa85/pom.xml#L67 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
