This is an automated email from the ASF dual-hosted git repository.

cbrisson pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/velocity-engine.git


The following commit(s) were added to refs/heads/master by this push:
     new eda2e64  chore: update the version of commons-io
     new 21f6df3  Merge pull request #19 from prios-daniel-ranallo/update-commons-io
eda2e64 is described below

commit eda2e64fbfdc0f9db041fd4956f16e8cc94f430d
Author: prios-daniel-ranallo <[email protected]>
AuthorDate: Tue Feb 23 09:03:23 2021 -0800

    chore: update the version of commons-io
    
    There is a vulnerability CVSS V2: 7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C fixed by [commit](https://github.com/apache/commons-io/commit/97ae01c95837f50a2e9be34c370b271c4d8fc88b) to commons-io which is shaded into the final jar for velocity. Upgrading version to remove vulnerability.
---
 README.md                              | 2 +-
 velocity-custom-parser-example/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 934b436..f8b0ec1 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ plus the following ones, needed for the integrated tests:
 * slf4j-simple v1.7.30
 * junit v4.13
 * hsqldb v2.5.0
-* commons-io 2.6
+* commons-io 2.8.0
 
 At runtime, Velocity only needs:
 
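Review bot: the changed README entry still sits in the list introduced as "needed for the integrated tests", while the commit message says commons-io is shaded into the final jar. Those two statements disagree about whether the library ships to users, which decides whether this is a test-only bump or a fix to the released artifact. Please say which it is, and if it is shaded, list it where the README describes what the distributed jar contains. Minor style point: the neighbouring entries use a "v" prefix (slf4j-simple v1.7.30, junit v4.13) and this one does not.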
diff --git a/velocity-custom-parser-example/pom.xml 
b/velocity-custom-parser-example/pom.xml
index e165d1c..c7ea425 100644
--- a/velocity-custom-parser-example/pom.xml
+++ b/velocity-custom-parser-example/pom.xml
@@ -83,7 +83,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.6</version>
+            <version>2.8.0</version>
         </dependency>
     </dependencies>
 
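Review bot: the version literal in this dependency block is the only build change in the commit (the diffstat lists just README.md and velocity-custom-parser-example/pom.xml), yet the commit message justifies it by commons-io being shaded into the final Velocity jar. Bumping the example module does not by itself show that the shaded artifact picks up 2.8.0. Please confirm with mvn dependency:tree on the module that does the shading, and consider moving the version into a shared property or dependencyManagement entry so the poms and the README cannot drift. The message gives only a CVSS vector and a commit link; naming the advisory identifier would let downstream scanners and changelogs match the fix.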
