Re: Proposal: Experimental VEX File for Apache Commons Projects

2025-07-24 Thread Piotr P. Karwasz
Hi Gary,

On 23.07.2025 13:18, Gary Gregory wrote:
> So, for Commons Compress for example, like this:
>
> {
>   "@context": "https://openvex.dev/ns/v0.2.0",
>   "id": "https://apache.org/vex/statement-commons-compress-001",
>   "author": "apache.org",
>   "role": "Document Creator",
>   "timesta

Re: Proposal: Experimental VEX File for Apache Commons Projects

2025-07-23 Thread Gary Gregory
So, for Commons Compress for example, like this:

{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "id": "https://apache.org/vex/statement-commons-compress-001",
  "author": "apache.org",
  "role": "Document Creator",
  "timestamp": "2025-07-23T11:11:00Z",
  "version": 1,
  "statements": [

Proposal: Experimental VEX File for Apache Commons Projects

2025-07-20 Thread Piotr P. Karwasz
Hi all,

As you know, we released CVE-2025-48924 for Commons Lang a few days ago. Due to the widespread use of the library, the CVE has already triggered some user responses: for example, in [1], users reported being forced to upgrade Commons Lang and remove deprecated method usage due to inter