[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Brandon Williams (Jira) Thu, 06 Apr 2023 13:55:12 -0700


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-17364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brandon Williams updated CASSANDRA-17364:
-----------------------------------------
    Test and Documentation Plan: run CI
                         Status: Patch Available  (was: Open)

> dependency on commons-io is to 2.6 which has a CVE
> --------------------------------------------------
>
>                 Key: CASSANDRA-17364
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17364
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build
>            Reporter: PJ Fanning
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 5.x
>
>
> Can this be upgraded, ideally to v2.11.0?
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.0.1]
> [https://github.com/apache/cassandra/blob/trunk/build.xml#L510]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Reply via email to