Hi all, In July 2021 I retired the FindBugs packages from Fedora: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/YI723NBFFXAOQSRMYIEFAD6CYGX7S6MM/ This included the findbugs-bcel package, which was an old snapshot of Apache Commons BCEL packaged for use by FindBugs. findbugs-bcel is still present in EPEL 7, but has just had a CVE bug filed against it: https://bugzilla.redhat.com/show_bug.cgi?id=2142726 Rather than attempt to address this vulnerability, and since FindBugs was never packaged for EPEL 7, I intend to retire findbugs-bcel from EPEL 7. As per the EPEL Package Retirement guidelines (https://docs.fedoraproject.org/en-US/epel/epel-policy-retirement/), I'm sending this email to announce my proposal to retire it. According to repoquery, no other packages depend on findbugs-bcel. Regards, Richard -- Richard Fearn richardfearn@xxxxxxxxx _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
