Commit

force use of commons-compress 1.26.2 as that's not (currently) vulnerable in the way 1.21 is that was being pulled in by poi. see #166
greenwoodma committed Jul 2, 2024
1 parent 29922ad commit 8ecf711
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions pom.xml
Expand Up @@ -358,9 +358,20 @@
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
<exclusion>
<!-- version here is currently vulnerable so exclude it-->
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.26.2</version>
</dependency>

<dependency>
<groupId>com.drewnoakes</groupId>
<artifactId>metadata-extractor</artifactId>
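
Review bot: the new `<dependency>` block pinning `commons-compress` to 1.26.2 has no comment, and the comment on the exclusion above it ("version here is currently vulnerable so exclude it") names neither the affected version nor the tracking issue, so a later cleanup has nothing to tell it when either entry can be dropped. Suggest noting in both places that 1.21 was arriving transitively via poi and that the override tracks #166. A directly declared dependency already wins over a transitive one in Maven's version mediation, so the exclusion is a second safeguard rather than the fix itself. It is worth confirming with `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress` that 1.26.2 is the only version resolved, and running the tests that exercise the excluding dependency against the newer release.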