Details
- Dependency upgrade
- Status: Closed
- Major
- Resolution: Won't Fix
- 3.8.6
- None
- None
Description
Maven 3.8.6 distributes ./apache-maven-3.8.6/lib/commons-io-2.6.jar. This jar is vulnerable to CVE-2021-29425.
Are there plans to upgrade to commons io 2.7 in the next version of Maven?