Hi,

3 months ago Danny Trunk created 
https://issues.apache.org/jira/browse/OFBIZ-13123

It has interesting PRs about security with transitive dependencies.

So far we did not merge it because of Michael's reasonable concerns (see 
https://github.com/apache/ofbiz-framework/pull/819)

The framework part begins to have conflicts to resolve... simple for now....

I hope to soon update Freemarker to 2.3.34
see
https://issues.apache.org/jira/browse/OFBIZ-13131
and
https://lists.apache.org/thread/mczcsc04hl83spkdt66y25z2nqsgyz51

I'm also concerned about https://www.cve.org/CVERecord?id=CVE-2024-47554

What do you think about all that?

TIA
