Getting POI 5.x to work within the osgi bundle is a bit of a challenge (for me). If we need to release an update soon, we can revert that change back to 4.x and be good to start the vote on Monday.
Fellow devs, what do you think? On Sat, Dec 11, 2021 at 3:42 AM Cristian Zamfir <[email protected]> wrote: > > It would be great to also update the Docker containers, it is a critical > vulnerability IMO. Thanks! > > > On Fri, Dec 10, 2021 at 5:41 PM Tim Allison <[email protected]> wrote: > > > All, > > As you've probably heard, a dire rce was recently announced in > > log4j2. I suspect it would be fairly easy to develop a PoC to show > > that we're vulnerable. It isn't as straightforward as webapps that > > are logging direct user input, but I don't think it would take much. > > Should we push for a 2.x release in the next few days? > > > > Best, > > > > Tim > > > -- > Cristian Zamfir > Co-founder/VP of Reliability and Security - Cyberhaven > https://cyberhaven.com > https://www.linkedin.com/in/cristizamfir/ > Mobile: +41 (798) 241-698 / +1 (617) 651-1306
