Hello - I'm inquiring to see if there is any planned upcoming release of commons-compress 1.21?
To elaborate, I have a project uses commons-compress 1.20. But there are some security-related vulnerabilities in 1.20 reported by JFrog X-Ray, mostly coming from findings by the "oss-fuzz" project. These have actually been fixed in the commons-compress git repo already, but are not yet released. I'm trying to find out if there is any plan to release 1.21 in the near- to mid-term, or if I should build my own commons-compress snapshot release if I need those fixes. Appreciate any guidance you might have. Here are the specific fixes in question: * https://github.com/apache/commons-compress/commit/26924e96c7730db014c310757e11c9359db07f3e * https://github.com/apache/commons-compress/commit/882c6dd12473d7b615d503e08fd6b866d0f866d5 * https://github.com/apache/commons-compress/commit/d15c285941351958a902265aeacdc151fa98c127 Thanks, Greg Merrill Platform Architect, One Network Enterprises [email protected] office: (972) 455-3514 cell: (214) 450-8239 This document contains ONE Network Enterprises Proprietary and Confidential Business Information and is intended solely for the use and information of the person and/or company to whom it is addressed. It may not be duplicated or published without the written consent of One Network.
