The latest version of the BundleTool library (1.18.0) is still vulnerable to the CVE-2024-7254 security vulnerability. This vulnerability comes from the protobuf-java dependency and has affected the BundleTool library for several years.
Many organizations enforce strict policies against using binaries with known security vulnerabilities. Please consider updating the protobuf-java dependency used by the BundleTool library from version 3.22.3 to at least 3.25.5 to address this issue.