[MNG-7507] Upgrade commons io to 2.7 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: 3.8.6
Fix Version/s: None
Component/s: Dependencies
Labels:
None

Description

Maven 3.8.6 distributes ./apache-maven-3.8.6/lib/commons-io-2.6.jar. This jar is vulnerable to CVE-2021-29425.

Are there plans to upgrade to commons io 2.7 in the next version of maven ?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Peter Bower

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Jun/22 16:30

Updated:: 30/Jun/22 16:34

Resolved:: 30/Jun/22 16:34