databricks / spark-xml

XML data source for Spark SQL and DataFrames
Apache License 2.0
499 stars 226 forks

Vulnerabilities from dependencies: CVE-2023-22946 #658

Closed sasauz closed 1 year ago

sasauz commented 1 year ago

Could you please update the package in the Maven repository? Since 11.01.2023 there is a vulnerability message with ID CVE-2023-22946 for some dependencies.

srowen commented 1 year ago

This affects Spark, not spark-xml, and Spark is not packaged with this library. You would just use this library with a later version of Spark. I can/will update the version of Spark this is compiled against to the latest just for good measure, but there is no API difference, and no security implication here.