The latest release of deeplearning4j as well as its current develop state depend on Apache Commons Net 3.1. As shown on Maven Central, any version of Apache Commons Net prior to 3.9 is flagged with CVE-2021-37533. This is causing us issues using deeplearning4j in a commercial product.
I thought it a bit strange that a network utilities library is part of deeplearning4j, so I checked where it's used in the code. The only location appears to be Nd4jBase64.java, where it's imported for base64 encoding and decoding functions. Can't we just use java.util.Base64 instead to get the same functionality?
Additionally, I would like to enquire: What are the plans for future formal releases? I see some commit activity on the repo, but no release activity since August 2022.
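The replacement asked about above, sketched with the JDK codec only (an added example, not code from the post or from deeplearning4j). `Base64Compat` and its method names are hypothetical, and the possibility that previously produced strings are line-wrapped is an assumption the page does not confirm; the example shows how the strict and lenient JDK decoders differ on such input.

```java
import java.util.Arrays;
import java.util.Base64;

// Added example; Base64Compat is a hypothetical helper, not deeplearning4j code.
public final class Base64Compat {
    private Base64Compat() {}

    // Unwrapped RFC 4648 output: no line separators, '=' padding kept.
    public static String encode(byte[] data) {
        return Base64.getEncoder().encodeToString(data);
    }

    // The MIME decoder skips CR/LF and other characters outside the base64
    // alphabet, so it accepts unwrapped strings and 76-column wrapped strings.
    public static byte[] decodeLenient(String text) {
        return Base64.getMimeDecoder().decode(text);
    }

    // The basic decoder throws IllegalArgumentException on any character
    // outside the alphabet, including line separators.
    public static byte[] decodeStrict(String text) {
        return Base64.getDecoder().decode(text);
    }

    public static void main(String[] args) {
        byte[] payload = new byte[100]; // constructed sample input
        for (int i = 0; i < payload.length; i++) payload[i] = (byte) i;

        String unwrapped = encode(payload);
        // Constructed stand-in for legacy data: same bytes, wrapped with CRLF.
        String wrapped = Base64.getMimeEncoder().encodeToString(payload) + "\r\n";

        if (!Arrays.equals(payload, decodeLenient(unwrapped))) throw new AssertionError();
        if (!Arrays.equals(payload, decodeLenient(wrapped))) throw new AssertionError();

        boolean rejected = false;
        try {
            decodeStrict(wrapped);
        } catch (IllegalArgumentException e) {
            rejected = true; // strict decoding refuses the embedded CRLF
        }
        if (!rejected) throw new AssertionError("strict decoder accepted wrapped input");
        System.out.println("round-trip ok; strict decoder rejects wrapped input");
    }
}
```

If serialized data already exists in the field, decoding with the lenient variant keeps it readable after the dependency is dropped, while new output stays unwrapped.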