unispeech / unimrcp

Open source cross-platform implementation of MRCP protocol
http://www.unimrcp.org
Apache License 2.0

APR library has security vulnerabilities #324

Open ladenedge opened 5 months ago

ladenedge commented 5 months ago

Hello. We recently started scanning our code with BlackDuck, a dependency analysis tool, and found that the version of the Apache Portable Runtime in use by UniMRCP has a number of high-risk security vulnerabilities.


Are there any plans to upgrade these dependency libraries? (The latest APR, v1.7.4, shows no known vulnerabilities.)

If not, are there any known issues with later versions? Would a PR be appropriate for such an upgrade?

Thank you for your time!
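An added example, not part of the issue thread and not code from UniMRCP: a POSIX shell check that reads the APR version a build is actually going to compile against and refuses anything below a floor. The 1.7.4 floor is the version the reporter cites as showing no known vulnerabilities in their scanner; raise it as new APR advisories are published. The `apr_version.h` macro names (`APR_MAJOR_VERSION`, `APR_MINOR_VERSION`, `APR_PATCH_VERSION`) are APR's real ones; the header used in the demo is constructed, not an actual APR file.

```shell
#!/bin/sh
# Added example, not code from the issue or from UniMRCP: gate a build on a
# minimum APR version so an old bundled APR cannot be linked in silently.

# Compare two dotted versions component-wise; exit 0 when $1 >= $2.
# Suffixes such as "-dev" are ignored and missing components count as 0.
apr_version_at_least() {
    i=1
    while [ "$i" -le 3 ]; do
        h=$(printf '%s\n' "$1" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        w=$(printf '%s\n' "$2" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        h=${h:-0}; w=${w:-0}
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Read APR_MAJOR_VERSION / APR_MINOR_VERSION / APR_PATCH_VERSION from an
# apr_version.h (path in $1) and print them as "major.minor.patch".
apr_version_from_header() {
    maj=$(sed -n 's/^#define[[:space:]]*APR_MAJOR_VERSION[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1")
    min=$(sed -n 's/^#define[[:space:]]*APR_MINOR_VERSION[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1")
    pat=$(sed -n 's/^#define[[:space:]]*APR_PATCH_VERSION[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1")
    printf '%s.%s.%s\n' "${maj:-0}" "${min:-0}" "${pat:-0}"
}

# Demo on a constructed header (not a real APR file) standing in for the
# APR 1.5.x line the reporter says their UniMRCP build still uses.
MIN_APR=1.7.4
tmp=$(mktemp)
cat >"$tmp" <<'EOF'
#define APR_MAJOR_VERSION       1
#define APR_MINOR_VERSION       5
#define APR_PATCH_VERSION       2
EOF
have=$(apr_version_from_header "$tmp")
rm -f "$tmp"
if apr_version_at_least "$have" "$MIN_APR"; then
    echo "APR $have meets the $MIN_APR floor"
else
    echo "APR $have is below $MIN_APR: update the APR in the dependency package before building" >&2
fi
```

On a real checkout, point `apr_version_from_header` at the `apr_version.h` inside the UniMRCP dependencies package (or use the output of `apr-1-config --version` for a system-installed APR) and make the `else` branch exit non-zero so a CI build fails rather than linking the old library.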

ladenedge commented 1 week ago

To follow up on this, running APR 1.5 is going to stop being an option for us by the end of this year. I'd like to try to update the APR libraries in the dependencies package myself (and submit them back to you, if you like). Are the patches used to create the dependency libraries still out there? All the links to them in the old documentation appear to be dead. ☹️

Also, have you considered a fork to Github where the latest versions could be maintained?

Thanks again for your help!