All,
We detected and fixed an area for improvement in the version of POI that
we just upgraded to (https://bz.apache.org/bugzilla/show_bug.cgi?id=67767).
I should have caught this in earlier regression tests before the release of
POI, but I clearly botched that comparison run. I'm sorry.
My guess is that the next release of POI with that fix is probably a week
or two away. Given the compress cve (CVE-2023-42503), it would be useful
to push out releases soon.
Some options I see:
a) wait for POI for both 2.9.1 and 3.0.0-BETA
b) revert POI for 2.9.1 and start the release process; wait for POI for
3.0.0-BETA
c) revert POI for 3.0.0-BETA and start the release process; wait for POI
for 2.9.1
d) revert POI for 2.9.1 and 3.0.0-BETA and release both
We also have a re-request to fix the tika as service scripts. Not clear
that I have the knowledge or time to work on that in the near term.
What do you think?
Best,
Tim
