dhatim / fastexcel

Generate and read big Excel files quickly

commons-compress vulnerabilities flagged #169

Closed Gabrieltay closed 3 years ago

Gabrieltay commented 3 years ago

Four CVEs have been published for commons-compress 1.20.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090

Is there any roadmap to upgrade commons-compress to 1.21?

ochedru commented 3 years ago

Thank you for reporting this! I try to keep up with the release of new dependencies but I missed this one.

Gabrieltay commented 3 years ago

Thanks for the fast fix!