[jira] [Resolved] (SLING-11202) Replace commons-io version - version 2.6

Robert Munteanu (Jira) Mon, 14 Mar 2022 03:21:08 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-11202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Munteanu resolved SLING-11202.
-------------------------------------
    Resolution: Won't Fix

Thanks for the report [~namigupt]. We only use commons-io at compile time, so 
there is no need for us to update. Applications deploying the bundle should 
make sure they use updated versions of the commons-io bundle.

Also, your second CVE link points to a JUnit issue, not a commons-io one.

> Replace commons-io version - version 2.6 
> -----------------------------------------
>
>                 Key: SLING-11202
>                 URL: https://issues.apache.org/jira/browse/SLING-11202
>             Project: Sling
>          Issue Type: Improvement
>          Components: XSS Protection API
>            Reporter: Namit Gupta
>            Priority: Major
>
> Replace commons-io version 2.6 with version 2.11 to overcome the security 
> vulnerabilities:
>  # [CVE - CVE-2021-29425 
> (mitre.org)|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425]
>  # [CVE - CVE-2020-15250 
> (mitre.org)|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (SLING-11202) Replace commons-io version - version 2.6

Reply via email to