Details
-
Dependency
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Apache Commons IO 2.6 has a known vulnerability CVE-2021-29425 - yet upgrade requires to use Java 8 which can be only done in Struts 2.6.
Users os Struts 2.5.x should upgrade commons-io manually when running on Java 8.