[UPDATE] commons-compress 1.24.0 -> 1.26.0
Fixes:
- CVE-2024-25710: Denial of service caused by an infinite loop for a corrupted DUMP file
- CVE-2024-26308: OutOfMemoryError unpacking broken Pack200 file
diff --git a/pom.xml b/pom.xml
index 0df0fd6..56c5925 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2565,7 +2565,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
- <version>1.24.0</version>
+ <version>1.26.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>