[CALCITE-5025] Upgrade commons-io version from 2.4 to 2.11.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.30.0
Component/s: None
Labels:
- pull-request-available

Description

Calcite depends commons-io:commons-io 2.4 – which was released on 2012-06-12 – which can be exploited to access parent directories. In recent months, there have been a fair number of releases for this package and Synk lists this as the only vulnerability it has seen.

Task is simple, bump the version to 2.7 or higher – if I may suggest just going to 2.11.0.

Attachments

Issue Links

links to

GitHub Pull Request #2734

Activity

People

Assignee:: Scott Reynolds

Reporter:: Scott Reynolds

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 27/Feb/22 02:50

Updated:: 19/Mar/22 09:14

Resolved:: 28/Feb/22 11:14

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m