CVE-2022-26336: org.apache.poi/poi "4.1.1"

mjul / docjure

Read and write Office documents from Clojure

MIT License

619 stars 129 forks source link

CVE-2022-26336: org.apache.poi/poi "4.1.1" #98

Closed anttu closed 1 year ago

anttu commented 2 years ago

Hi, lein nvd check complains of an existing vulnerability in poi-4.1.1.jar (CVE-2022-26336). The issue has been fixed in poi version 5.2.1, would it be possible to bump the version?

PavlosMelissinos commented 1 year ago

This issue has been addressed by https://github.com/mjul/docjure/commit/5917daf137e172a90d1ed015aaea7627b4ccade4, so I think it can be closed @anttu .

(@mjul Now that it's been fixed, do you think we could have a new release please? 🙂)

mjul commented 1 year ago

Excellent, I have published a version 1.18.0.