SharpZipLib icon indicating copy to clipboard operation
SharpZipLib copied to clipboard
verified publisher icon icsharpcode

NPOI 2.5.5 INTERNALY using SharpZipLib 1.3.2 version but SharpZipLib 1.3.2 flaged by blackduck as security vunerbilty

Open Sureshrcm09 opened this issue 3 years ago • 1 comments

If i change SharpZipLib to 1.3.3 NPOI packege is not working.but Npoi using 1.3.2 SharpZipLib which is a security vuneable by blackduck tool.

Sureshrcm09 avatar Feb 15 '22 12:02 Sureshrcm09

NPOI does not use the affected parts of SharpZipLib (tar archives) AFAIK (since it deals with zip files). In any case, we can't do anything about what version they are using internally.

piksel avatar Feb 17 '22 13:02 piksel