Closed rocketraman closed 2 years ago
Hello!
As you can see I don't really have that much time anymore and I don't know when I will have that time so if you want to continue supporting it that would be great.
If you wish, I will update this repository so it points to your fork!
Ok @jdiazcano , I think adding a note in the README to point to my fork makes sense for now at least. Thanks!
There are libraries with known CVEs in the published version of cfg4k -- mainly the s3 dependency brings in older versions of jackson and httpclient, and the jgit dependency also brings in an older version of httpclient.
This is fixed on my branch here: https://github.com/rocketraman/cfg4k/tree/library-updates-security.