From CVE-2024-3094 XZ Backdoor: All you need to know:

Fortunately, the malicious code was discovered quickly by the OSS community and managed to infect only two of the most recent versions of the package, 5.6.0 and 5.6.1, which were released within the past month.

-------------------
Sat Apr 06 19:45:51 [bash:5.2.15 jobs:0 error:0 time:0]
jj5@charisma:/home/jj5
$ xz --version
xz (XZ Utils) 5.4.1
liblzma 5.4.1
-------------------