
Version 3.0.0 contains CVE because of transitive dependency

Open ydrozhdzhal opened this issue 7 months ago • 5 comments

Hi

We migrated our project to library version 3.0.0 and it still contains the vulnerable transitive dependency commons-collections:commons-collections:3.2.2 (resolved through commons-beanutils:commons-beanutils:1.9.4).

Can you exclude this vulnerable dependency from the next minor release?

More details: https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff/

ydrozhdzhal, Jul 25 '24 14:07