AFAICT the CVE relates to FilenameUtils.normalize.
I suggest you compare the current code with the code in 2.6 and apply
any changes.
You can also look through the GitHub commit log for changes relating
to the file that contains the method.
On Fri, 17 Dec 2021 at 14:14, Gary Gregory wrote:
>
Hello Ravi,
It is technically possible but I personally do not want to take the time to
dig through the repository on your behalf. I am sorry but I have other
priorities right now.
Gary
On Fri, Dec 17, 2021, 05:10 Ravi Yelamarthy wrote:
> Hi Gary,
>
> Thanks for your mail.
>
> In almost all
Hi Gary,
Thanks for your mail.
In almost all versions of our Product we have upgraded commons-io to v2.11.0,
which is the latest. We have a couple of old versions of our product where we still
support Java 7, and here we need CVE-2021-29425 to be fixed in commons-io.
We can see that