[
https://issues.apache.org/jira/browse/CALCITE-5025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stamatis Zampetakis resolved CALCITE-5025.
------------------------------------------
Resolution: Fixed
Fixed in
https://github.com/apache/calcite/commit/20ca53c962b1642ac4cda32ffdf1294042e951a8.
Thanks for the PR [~ScottReynolds]!
> Upgrade commons-io version from 2.4 to 2.11.0
> ---------------------------------------------
>
> Key: CALCITE-5025
> URL: https://issues.apache.org/jira/browse/CALCITE-5025
> Project: Calcite
> Issue Type: Bug
> Reporter: Scott Reynolds
> Assignee: Scott Reynolds
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.30.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Calcite depends on commons-io:commons-io 2.4 -- which was released on
> {{2012-06-12}} -- which can be exploited to access parent directories. In
> recent months, there have been a fair number of releases for this package and
> [Snyk lists this as the only vulnerability it has
> seen|https://snyk.io/vuln/maven:commons-io:commons-io].
> The task is simple: bump the version to 2.7 or higher -- if I may suggest just
> going to 2.11.0.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)