Replies: 2 comments 3 replies
-
|
Personally, I don't plan to do any more work on Tablesaw. I need to pick
where I spend my time and simply don't have enough for this project
anymore.
…On Wed, Aug 2, 2023 at 2:01 AM Bhavik Patel ***@***.***> wrote:
There is a 9.8 rated critical vulnerability found in apache commons text
version 1.8 which is being pulled from version 0.8.1 of json flattener
dependency in json module of our project.
link to vulnerability :
https://devhub.checkmarx.com/cve-details/CVE-2022-42889/
This vulnerability is fixed in commons text version 1.10 and in turn in
fixed in latest version of json flattener 0.16.4. I have merged PR to
bump the version of json flattener to latest in both java 8 branch and
master branch.
link to PRs:
#1224 <#1224>
#1223 <#1223>
Can we look at releasing a tablesaw version with this fix?
—
Reply to this email directly, view it on GitHub
<#1225>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA2FPAVOW3RASAWZIFYQHALXTHULNANCNFSM6AAAAAA3AX2624>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
I understand that you need to spend your time on another project but this project is too useful and impactful to be without someone (like you) who can drive this project. I have used tablesaw in my previous 2 projects and found it to be very useful and neat. Do you have someone in mind who can take this project forward? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @bhavikp19, I made maintenance release including these fixes and others. See the other thread for details #1261. And please let me know whether this works for you. Cheer |
Beta Was this translation helpful? Give feedback.
-
|
@ccleva that is some good news! Let me work to see if we can include the fork in our code base and report back on any issues that it has. |
Beta Was this translation helpful? Give feedback.
-
|
You can use the release candidate from maven central, see https://central.sonatype.com/search?q=tlabs-data&smo=true&sort=published And thanks for reporting any issue you encounter |
Beta Was this translation helpful? Give feedback.
-
There is a 9.8 rated critical vulnerability found in apache commons text version
1.8which is being pulled from version0.8.1of json flattener dependency injsonmodule of our project.link to vulnerability : https://devhub.checkmarx.com/cve-details/CVE-2022-42889/
This vulnerability is fixed in commons text version
1.10and in turn in fixed in latest version of json flattener0.16.4. I have merged PR to bump the version of json flattener to latest in both java 8 branch and master branch.link to PRs:
#1224
#1223
Can we look at releasing a tablesaw version with this fix?
Beta Was this translation helpful? Give feedback.
All reactions