eclipse-basyx / basyx-java-sdk

java-sdk
MIT License

Fix CVE dependency issue #277

Closed CVEDetect closed 1 year ago

CVEDetect commented 1 year ago

Fix issue #276 by updating the dependency poi-ooxml.version to 5.1.0 @FrankSchnicke

FrankSchnicke commented 1 year ago

Thanks for providing this PR. However, you're missing a signed ECA and the CI is failing with the upgrade. Would it be possible to take a look at these issues?

FrankSchnicke commented 1 year ago

ECA is passing, thanks. However, in your latest commit you reverted your change and added another library - was this by accident?

CVEDetect commented 1 year ago

The vulnerability was introduced by org.apache.commons:commons-compress, which is a dependency of poi-ooxml. Because my first attempt, changing the poi-ooxml version, brought in significant changes that caused the CI failure, I chose in my second attempt to upgrade the version of commons-compress directly.
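The approach described in that comment, overriding a vulnerable transitive dependency without touching the library that pulls it in, is what Maven's dependencyManagement section is for. The following pom.xml fragment is an added example and is not taken from the basyx-java-sdk repository or from this PR. It assumes the module already declares org.apache.poi:poi-ooxml through a poi-ooxml.version property defined elsewhere; the module coordinates and the commons-compress version 1.21 are illustrative placeholders, not values from the thread, and the real pin must be the patched release named in the advisory.

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <!-- Placeholder coordinates for the example; the real module keeps its own. -->
  <groupId>org.example</groupId>
  <artifactId>pinned-compress-example</artifactId>
  <version>0.0.1-SNAPSHOT</version>

  <properties>
    <!-- Illustrative value only: use the fixed release from the advisory. -->
    <commons-compress.version>1.21</commons-compress.version>
  </properties>

  <!-- dependencyManagement pins the version that Maven resolves for
       org.apache.commons:commons-compress wherever it appears in the
       graph (here: transitively via poi-ooxml), without making it a
       direct dependency of this module and without changing poi-ooxml. -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-compress</artifactId>
        <version>${commons-compress.version}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- Unchanged: poi-ooxml stays at the version the build already used,
         so the large API changes of a poi-ooxml upgrade are avoided. -->
    <dependency>
      <groupId>org.apache.poi</groupId>
      <artifactId>poi-ooxml</artifactId>
      <version>${poi-ooxml.version}</version>
    </dependency>
  </dependencies>
</project>
```

Verify the pin with `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress`; the tree should list commons-compress at the managed version and annotate it with the version it was managed from. Two caveats: poi-ooxml was compiled against the older commons-compress, so the pin is a binary-compatibility bet that only the test suite (as the CI run in this PR did) can confirm, and a dependencyManagement entry in this module does not constrain downstream consumers of the SDK unless they import it as a BOM.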

FrankSchnicke commented 1 year ago

Thanks a lot!