Hello, Currently the newest LibreOffice maven plugin appears to be for version 24.2.3 (see https://mvnrepository.com/artifact/org.libreoffice/libreoffice). In CVE-2024-7788 (https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/) it is recommended that users upgrade to 24.2.5 or 24.8.0, but no corresponding publicly available plugin appears to be available.
When we run vulnerability scans on an application that is reliant on the LibreOffice maven plugin version 24.2.3, we are getting flagged by the CVE above. Could you please clarify if the CVE applies to this maven plugin? If it applies to the plugin, can we get an estimate on when a newer version will be available? Regards, Ted Parton Principle Member of Technical Staff Mobile: +1.615.584.5355 Oracle Database Developer Tools -- To unsubscribe e-mail to: [email protected] Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/users/ Privacy Policy: https://www.documentfoundation.org/privacy
