This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git

commit c76bc976703dc0cebfb6d4653061b8ac3524421d
Author: Gary D. Gregory <garydgreg...@gmail.com>
AuthorDate: Sat Jul 26 08:32:52 2025 -0400

    Use OpenVEX to document that we are not affected by CVE-2025-48924 in
    Commons Lang
---
 src/conf/security/openvex.json | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/conf/security/openvex.json b/src/conf/security/openvex.json
new file mode 100644
index 000000000..c03437e65
--- /dev/null
+++ b/src/conf/security/openvex.json
@@ -0,0 +1,21 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0";,
+  "id": "https://apache.org/vex/statement-commons-compress-001";,
+  "author": "apache.org",
+  "role": "Document Creator",
+  "timestamp": "2025-07-23T11:11:00Z",
+  "version": 1,
+  "statements": [
+    {
+      "vulnerability": {
+        "name": "CVE-2025-48924"
+      },
+      "products": [
+        "pkg:maven/org.apache.commons/commons-compress@1.28.0"
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_not_in_execute_path",
+      "timestamp": "2025-07-23T11:11:00Z"
+    }
+  ]
+}
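Review bot: The `not_affected` statement gives a `justification` but no `impact_statement`, and its `products` entry names only the commons-compress purl, so nothing in the document identifies the Commons Lang dependency the CVE belongs to or explains why its vulnerable code is unreachable. A scanner that reports CVE-2025-48924 against the Commons Lang artifact may not match this statement, and an auditor has nothing to check the claim against. Consider writing the product as an object with `@id` and listing the dependency under `subcomponents`, and adding `"impact_statement": "<which Commons Lang API is affected and why Commons Compress never calls it>"`. Separately, the `";,` after the URLs on the `@context` and `id` lines would make the file invalid JSON; this looks like a mail-archive rendering artifact, but it is worth confirming that the committed file parses.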
