[
https://issues.apache.org/jira/browse/CALCITE-5025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Liya Fan closed CALCITE-5025.
-----------------------------
Resolved in release 1.30.0 (2022-03-20)
> Upgrade commons-io version from 2.4 to 2.11.0
> ---------------------------------------------
>
> Key: CALCITE-5025
> URL: https://issues.apache.org/jira/browse/CALCITE-5025
> Project: Calcite
> Issue Type: Bug
> Reporter: Scott Reynolds
> Assignee: Scott Reynolds
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.30.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Calcite depends on commons-io:commons-io 2.4 -- which was released on
> {{2012-06-12}} -- which can be exploited to access parent directories. In
> recent months, there have been a fair number of releases for this package and
> [Snyk lists this as the only vulnerability it has
> seen|https://snyk.io/vuln/maven:commons-io:commons-io].
> Task is simple, bump the version to 2.7 or higher -- if I may suggest just
> going to 2.11.0.