centic9 commented on issue #995: URL: https://github.com/apache/poi/issues/995#issuecomment-3750009196
We usually don't release for security fixes in transitive dependencies as there are many many such updates released constantly and only very few have actual security-impact on how Apache POI uses them. Until the next version of Apache POI is available, you can easily add the newer version of log4j as explicit dependency in Gradle or Maven which will include the fixed version for you. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
