From mobile apps to microservices, from small startups to big enterprises, Gradle helps teams build, automate and deliver better software, faster.

Gradle Community

Hello there, our team just upgraded to Gradle 8.7. Our CI pipeline runs security checks and discovered `commons-compress:1.25.0` on the classpath which is vulnerable to the following CVEs:

• CVE-2024-25710
• CVE-2024-26308
How would I address the update of commons-compress?

As it is part of the distribution, I guess you would have to use a custom Gradle distribution.