Closed CVEDetect closed 1 year ago
Thanks for providing this PR. However, you're missing a signed ECA and the CI is failing with the upgrade. Would it be possible to take a look at these issues?
ECA is passing, thanks. However, in your latest commit, you reverted your change and added another library - was this on accident?
Because the vulnerability was introduced by org.apache.commons:commons-compress, which is a dependency of poi-ooxml. Due to significant changes in the first attempt to modify the poi-ooxml version, which caused a CI failure, I chose to directly upgrade the version of commons-compress in my second attempt at modification.
Thanks a lot!
Fix issue #276 by update dependency poi-ooxml.version to 5.1.0 @FrankSchnicke