dhatim / fastexcel

Generate and read big Excel files quickly

Security vulnerability in 0.17.0 #401

Open hrstoyanov opened 3 months ago

hrstoyanov commented 3 months ago

When you track the dependencies for fastexcel-reader 0.17.0 here: https://central.sonatype.com/artifact/org.dhatim/fastexcel-reader/dependencies

You will notice that it depends on commons-compress 1.25.0, which is known for these CVEs:

Dependency maven:org.apache.commons:commons-compress:1.25.0 is vulnerable

CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found

Perhaps you need to upgrade the commons-compress dependency to the latest safe version?

wiibaa commented 2 months ago

Hello, can this be considered solved with version 0.18.0, or do you plan to release a 0.17.x too?

hrstoyanov commented 2 months ago

I would gladly switch to 0.18.0, if this upgrades the bad module, and that would solve the issue for me. Thanks!
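For a project that consumes fastexcel-reader 0.17.0 and cannot wait for an upstream release, the vulnerable transitive version can be overridden from the consumer's own POM. This is an added example, not code from the issue or from the fastexcel project; `COMMONS_COMPRESS_FIXED_VERSION` is a placeholder for the release that the advisories for the two CVEs above list as fixed.

```xml
<!-- Consumer pom.xml (added example, not from the fastexcel project).
     Pins the commons-compress version pulled in transitively by
     fastexcel-reader 0.17.0. COMMONS_COMPRESS_FIXED_VERSION is a placeholder:
     replace it with the release named as fixed in the advisories for
     CVE-2024-26308 and CVE-2024-25710. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>          <!-- placeholder coordinates -->
  <artifactId>excel-consumer</artifactId>
  <version>1.0.0</version>

  <dependencyManagement>
    <dependencies>
      <!-- A managed version takes precedence over the version declared by
           fastexcel-reader's own POM, so 1.25.0 is no longer resolved. -->
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-compress</artifactId>
        <version>COMMONS_COMPRESS_FIXED_VERSION</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>org.dhatim</groupId>
      <artifactId>fastexcel-reader</artifactId>
      <version>0.17.0</version>
    </dependency>
  </dependencies>
</project>
```

After the change, `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress` should list only the managed version; if 1.25.0 still appears, another dependency path is declaring it and the managed entry is not being applied.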