Publication Date: 2024/06/17 10:30 AM PDT

AWS is aware of CVE-2024-37902, relating to a potential issue with the archive extraction utilities for DeepJavaLibrary (DJL). On May 15, 2024, we released version 0.28.0 to address this issue. If you are using an affected version (0.1.0 through 0.27.0), we recommend you upgrade to 0.28.0 or higher.

For additional information, please refer to the DJL release notes.

Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.