From e49b11d1086bb1cf5bcec12f0336c3ea954eef24 Mon Sep 17 00:00:00 2001
From: Asif Sohail Mohammed <nsifmoh@amazon.com>
Date: Thu, 22 Feb 2024 10:45:54 -0600
Subject: [PATCH] Fix commons-compress CVE

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
---
 build.gradle | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/build.gradle b/build.gradle
index 70ce138b99..758e80189f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -201,6 +201,12 @@ subprojects {
                 }
                 because 'CVE-2023-5072, CVE from transitive dependencies'
             }
+            implementation('org.apache.commons:commons-compress') {
+                version {
+                    require '1.26.0'
+                }
+                because 'CVE-2024-25710, CVE-2024-26308'
+            }
         }
     }