[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Brandon Williams (Jira) Wed, 12 Apr 2023 09:30:04 -0700


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-17364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brandon Williams updated CASSANDRA-17364:
-----------------------------------------
          Fix Version/s: 5.0
                             (was: 5.x)
    Source Control Link: 
https://github.com/apache/cassandra/commit/0ac60af9495cbf413a1964db4cbf45c3c47bfb06
             Resolution: Fixed
                 Status: Resolved  (was: Ready to Commit)

Thanks for the review! Committed.

> dependency on commons-io is to 2.6 which has a CVE
> --------------------------------------------------
>
>                 Key: CASSANDRA-17364
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17364
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build
>            Reporter: PJ Fanning
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 5.0
>
>
> Can this be upgraded, ideally to v2.11.0?
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.0.1]
> [https://github.com/apache/cassandra/blob/trunk/build.xml#L510]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Reply via email to