diff --git a/.classpath b/.classpath
index 8335dcbe5..367843e9c 100644
--- a/.classpath
+++ b/.classpath
@@ -40,6 +40,6 @@
 	<classpathentry kind="lib" path="lib/byte-buddy-1.7.9.jar"/>
 	<classpathentry kind="lib" path="lib/byte-buddy-agent-1.7.9.jar"/>
 	<classpathentry kind="lib" path="lib/objenesis-2.6.jar"/>
-	<classpathentry kind="lib" path="lib/commons-compress-1.17.jar"/>
+	<classpathentry kind="lib" path="lib/commons-compress-1.18.jar"/>
 	<classpathentry kind="output" path="bin"/>
 </classpath>
diff --git a/build.gradle b/build.gradle
index bf5e8aefc..ed7097ab6 100644
--- a/build.gradle
+++ b/build.gradle
@@ -219,7 +219,7 @@ project('ooxml') {
         compile 'org.apache.xmlbeans:xmlbeans:3.0.0'
         compile 'org.apache.commons:commons-collections4:4.2'
         compile 'org.apache.commons:commons-math3:3.6.1'
-        compile 'org.apache.commons:commons-compress:1.17'
+        compile 'org.apache.commons:commons-compress:1.18'
         compile 'org.apache.santuario:xmlsec:2.1.0'
         compile 'org.bouncycastle:bcpkix-jdk15on:1.59'
         compile 'com.github.virtuald:curvesapi:1.05'
diff --git a/build.xml b/build.xml
index 4b6fff2ed..fbd286907 100644
--- a/build.xml
+++ b/build.xml
@@ -203,9 +203,9 @@ under the License.
     <property name="ooxml.xmlbeans.jar" location="${ooxml.lib}/xmlbeans-3.0.0.jar"/>
     <property name="ooxml.xmlbeans.url"
               value="https://repository.apache.org/content/repositories/releases/org/apache/xmlbeans/xmlbeans/3.0.0/xmlbeans-3.0.0.jar"/>
-    <property name="ooxml.commons-compress.jar" location="${main.lib}/commons-compress-1.17.jar"/>
+    <property name="ooxml.commons-compress.jar" location="${main.lib}/commons-compress-1.18.jar"/>
     <property name="ooxml.commons-compress.url"
-              value="${repository.m2}/maven2/org/apache/commons/commons-compress/1.17/commons-compress-1.17.jar"/>
+              value="${repository.m2}/maven2/org/apache/commons/commons-compress/1.18/commons-compress-1.17.jar"/>
 
     <!-- coverage libs -->
     <property name="jacoco.zip" location="${main.lib}/jacoco-0.8.1.zip"/>
@@ -588,6 +588,7 @@ under the License.
                 <include name="commons-codec-1.9*"/>
                 <include name="commons-codec-1.10*"/>
                 <include name="commons-compress-1.16*"/>
+                <include name="commons-compress-1.17*"/>
                 <include name="commons-collections4-4.1*"/>
                 <include name="commons-logging-1.1*.jar"/>
                 <include name="findbugs-noUpdateChecks-2.0.3*"/>
diff --git a/maven/poi-ooxml.pom b/maven/poi-ooxml.pom
index caadc9552..5b3ec7959 100644
--- a/maven/poi-ooxml.pom
+++ b/maven/poi-ooxml.pom
@@ -72,7 +72,7 @@
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-compress</artifactId>
-      <version>1.17</version>
+      <version>1.18</version>
     </dependency>
     <dependency>
       <groupId>com.github.virtuald</groupId>
diff --git a/sonar/ooxml/pom.xml b/sonar/ooxml/pom.xml
index e2a38e7ad..12b5395f5 100644
--- a/sonar/ooxml/pom.xml
+++ b/sonar/ooxml/pom.xml
@@ -152,7 +152,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-compress</artifactId>
-			<version>1.17</version>
+			<version>1.18</version>
 		</dependency>
 		<dependency>
 			<groupId>com.github.virtuald</groupId>