[FLINK-22747] Update commons-io to 2.8 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.12.4
Fix Version/s: 1.14.0, 1.12.5, 1.13.2
Component/s: Build System
Labels:
- pull-request-available

Description

commons-io 2.7 has known vulnerabilities that are detected in Flink by some tools. Even though it is unlikely that we use the mentioned class. We should upgrade it to make the tools happy.

Context:


VULNDB-239195
"Vendor Specific News/Changelog Entry
https://commons.apache.org/proper/commons-io/changes-report.html#a2.8.0
Vendor Specific Solution URL
https://github.com/apache/commons-io/commit/0de91c048fb575b9e7906e966a4428574fd03695
Vendor Specific Solution URL
https://github.com/apache/commons-io/commit/97ae01c95837f50a2e9be34c370b271c4d8fc88b
Bug Tracker
https://issues.apache.org/jira/browse/IO-675"

Attachments

Issue Links

links to

GitHub Pull Request #15989

Activity

People

Assignee:: Timo Walther

Reporter:: Timo Walther

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/May/21 14:25

Updated:: 28/Aug/21 12:12

Resolved:: 25/May/21 16:45