As with 2.x, we can make a 1.28.1 release with the updated PDFBox early in the new year.
On Tue, Dec 14, 2021 at 3:50 PM Tim Allison <[email protected]> wrote: > > All, > We upgraded to log4j 2.16.0 in the 1.x branch and upgraded a few > other dependencies that ossindex flagged as vulnerable. Given the > breaking changes in migrating from log4j to log4j2, I've gone with the > notion that the next 1.x release should be 1.28, not 1.27.1. > Once Subhajit has a chance to review the log4j2 mods around > monitoring in tika server, should I roll a release candidate for 1.28? > > Best, > > Tim
