Damien Diederen created ZOOKEEPER-4343:
------------------------------------------
Summary: OWASP Dependency-Check fails with CVE-2021-29425,
commons-io-2.6
Key: ZOOKEEPER-4343
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4343
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.8.0
Reporter: Damien Diederen
Assignee: Damien Diederen
{noformat}
[ERROR] One or more dependencies were identified with vulnerabilities that have
a CVSS score greater than or equal to '0,0':
[ERROR]
[ERROR] commons-io-2.6.jar: CVE-2021-29425
[ERROR]
[ERROR] See the dependency-check report for more details.
{noformat}
The issue is fixed in release 2.7:
- https://nvd.nist.gov/vuln/detail/CVE-2021-29425
- https://issues.apache.org/jira/browse/IO-556
- https://issues.apache.org/jira/browse/IO-559
- https://commons.apache.org/proper/commons-io/changes-report.html#a2.7
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
