[jira] [Commented] (CAMEL-20630) CVE-2024-25710, CVE-2024-26308 - Vulnerabilities with Camel-zip-deflater-starter maven dependency

Claus Ibsen (Jira) Fri, 29 Mar 2024 03:07:03 -0700


    [ 
https://issues.apache.org/jira/browse/CAMEL-20630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17832129#comment-17832129
 ]


Claus Ibsen commented on CAMEL-20630:
-------------------------------------

Okay I have upgraded 3.22.x and 3.21.x branches (it was not easy)

> CVE-2024-25710, CVE-2024-26308 - Vulnerabilities with 
> Camel-zip-deflater-starter maven dependency
> -------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-20630
>                 URL: https://issues.apache.org/jira/browse/CAMEL-20630
>             Project: Camel
>          Issue Type: Bug
>    Affects Versions: 3.22.1
>            Reporter: Sasikumar Muthukrishnan Sampath
>            Priority: Major
>
> Hi,
>  
> We have couple of vulnerabilities CVE-2024-25710, CVE-2024-26308 with 
> 'Camel-zip-deflater'. These vulnerabilities are from 
> org.apache.commons:commons-compress.1.21.jar, need to upgrade to 1.26.0.
> Is there any plan to release a new patch version on 3.22 with the fix?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CAMEL-20630) CVE-2024-25710, CVE-2024-26308 - Vulnerabilities with Camel-zip-deflater-starter maven dependency

Reply via email to