Vulnerability in xmlstreambuffer dependency - CVE-2022-40152 #71
Description
I see that we have a high severity vulnerability CVE-2022-40152 in the latest version of streambuffer - 2.1.0 which was released in 2022. But I see that there was a commit named "Bump woodstox-core from 6.2.8 to 6.4.0 in /streambuffer" where the respective vulnerability has been fixed by upgrading the woodstox-core library from 6.2.8 to 6.4.0, but it was never packaged with release.
Can we have a release package with this vulnerability fix ?