modelon-community/fmi-library

Next alpha release timeline for fixing high severity vulnerabilities with zlib and libexpat

vijayasarathee opened this issue · 1 comment

Hi,
I see that there is a pull request to upgrade the zlib dependency to 1.213.
I hope that this is to address the CVE-2018-25032 issue.
Also, there is another high-severity CVE-2022-43680 with libexpat, which is fixed with version 2.5.
What are the plans to also address this issue in the upcoming alpha release?
I also want to know the timeline of the next alpha release.
Currently we are evaluating 3.0a2 for FMI 3.0 support. We are planning to upgrade to the next alpha release and it will be very helpful to get these issues fixed.
Thanks,
Vijay

Expat has been updated with #92

We plan to make a new alpha release once the zlib update is merged.