Closed bbimber closed 11 months ago
@bbimber Thank you!
@lbergelson were there any other changes you needed on this? Also, and this isnt urgent, but is there a defined release schedule on htsjdk? Thanks.
Ack, I had it set to rebase instead of squash. Sorry for commit spam.
Thanks for doing this. I was thinking of doing a release very soon.
There are CVEs reported for mjson, which does not appear to be an actively maintained project:
https://nvd.nist.gov/vuln/detail/CVE-2023-34611 https://github.com/bolerio/mjson/issues/40
and also snappy-java:
https://nvd.nist.gov/vuln/detail/CVE-2023-34453 https://nvd.nist.gov/vuln/detail/CVE-2023-34455
the latest snappy-java has been patched.
This PR does two things: