Hi all https://issues.apache.org/jira/browse/IO-559 says BlackDuck would call IO 2.5 vulnerable because of this issue - so far I've not been able to verify this claim. I guess it is because of IO-556 that has been closed as a duplicate of IO-559.
There is a PR (by me) to fix the bug https://github.com/apache/commons-io/pull/52 - as this is my first contribution to IO I'd appreciate if anybody else could spare some time and verify it. I'll rebase it onto master soon. Also, would there be any reason to not cut a new release from master? I mean is there any work in progress that needs to be finished? Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
