[
https://issues.apache.org/jira/browse/FILEUPLOAD-343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory closed FILEUPLOAD-343.
--------------------------------------
Fix Version/s: 1.5
Resolution: Fixed
> Update Project Version
> ----------------------
>
> Key: FILEUPLOAD-343
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-343
> Project: Commons FileUpload
> Issue Type: Wish
> Reporter: Gabryel Monteiro
> Priority: Minor
> Fix For: 1.5
>
>
> Hello,
>
> It seems the last released version was released three years ago as 1.4. It
> seems to be really sad, as there are further updates in the repository that
> are not reflected in this release.
> One of those problems would be the fact that the commons-io version in the
> version 1.4 is a vulnerable one, that has a CVE. This doesn't happen in the
> main repository.
> It would be very interesting that you could upload a version 1.5 of the
> library in the current state, so other projects could use a more recent
> version and be more protected. At the moment I am using the
> io.github.openfeign.form:feign-form-spring library and I have to manually
> override the commons-io version, so the problem is avoided.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
