[
https://issues.apache.org/jira/browse/CAMEL-20630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17832076#comment-17832076
]
Claus Ibsen commented on CAMEL-20630:
-------------------------------------
This kind of questions is better asked in the user mailing list - its not a bug.
And if you want to help the project, you can send a PR with the upgrade for the
camel-3.22.x branch.
> CVE-2024-25710, CVE-2024-26308 - Vulnerabilities with
> Camel-zip-deflater-starter maven dependency
> -------------------------------------------------------------------------------------------------
>
> Key: CAMEL-20630
> URL: https://issues.apache.org/jira/browse/CAMEL-20630
> Project: Camel
> Issue Type: Bug
> Affects Versions: 3.22.1
> Reporter: Sasikumar Muthukrishnan Sampath
> Priority: Major
>
> Hi,
>
> We have couple of vulnerabilities CVE-2024-25710, CVE-2024-26308 with
> 'Camel-zip-deflater'. These vulnerabilities are from
> org.apache.commons:commons-compress.1.21.jar, need to upgrade to 1.26.0.
> Is there any plan to release a new patch version on 3.22 with the fix?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
