Bug 65451 - poi-ooxml uses a vulnerable dependency - commons-compress
Summary: poi-ooxml uses a vulnerable dependency - commons-compress
Alias: None
Product: POI
Classification: Unclassified
Component: POI Overall (show other bugs)
Version: 5.0.0-FINAL
Hardware: All All
: P2 major (vote)
Target Milestone: ---
Assignee: POI Developers List
Depends on:
Reported: 2021-07-14 18:46 UTC by maor
Modified: 2021-07-14 18:59 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 PJ Fanning 2021-07-14 18:51:33 UTC
this is already fixed in poi trunk and will be part of next release - you can modify your own build to use latest commons-compress as a workaround
Comment 2 maor 2021-07-14 18:54:11 UTC
Thanks for the prompt update!
Is there any place I can see the planned release timeline?
Comment 3 PJ Fanning 2021-07-14 18:59:07 UTC
release is not yet scheduled but there is a workaround - upgrade commons-compress in your own build - remember this is not a POI issue.