Hi Ben, On Do, 2023-11-02 at 08:45 +0100, Ben Weidig wrote: > AFAIK there's no release planned right now, but I concur that even a > smaller one might be warranted due to fixing a CVE.
that would be much appreciated. > However, if you need to mitigate immediately, you could replace > underscore in any version with a config override: Yeah, I know. Even though the affected file won’t be used by the application it would still be there and be detected by security scanners on the server. Or do you happen to know a way to exclude the file (from within the Tapestry core lib) from the final war file, e. g. a Gradle task? Thanks a lot, Oliver
