Apache POI has some vulnerability with POI OOXML jar file Maven Link : https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml/5.2.5
Description: poi-ooxml-5.2.5.jar (latest version) is using commons-compress-1.25.0.jar which is having 2 vulnerabilities. But we have commons-compress-1.26.1.jar(Latest version) have no Vulnerability. My question to Apache POI is do you have any plan to release new version including commons-compress-1.26.1.jar to avoid vulnerability with common-compress library.
Expecting new release from Apache POI to include commons-compress-1.26.1.jar(Latest version) in their poi-ooxml