[
https://issues.apache.org/jira/browse/IO-474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14394653#comment-14394653
]
Bernd Eckenfels edited comment on IO-474 at 4/3/15 4:35 PM:
------------------------------------------------------------
This is a FileUtility which allows writing bytes to a file. This can certainly
be used wrongly in some conditions, but there is no inherent security issue
in this place. Especially not related to XSS (as you would not use it for web
pages anyway).

Besides that, it would be good to do some research before dumping all those
Veracode false positives into the Apache bug tracker :-/ (and 2.4 is recent)
was (Author: b.eckenfels):
This is a FileUtility which allows writing bytes to a file. This can certainly
be used wrongly in some conditions, but there is no inherent security issue
in this place. Especially not related to XSS (as you would not use it for web
pages anyway).

Besides that, it would be good to do some research before dumping all those
Veracode false positives into the Apache bug tracker :-/
> veracode scan points cross site scripting vulnerability at
> org/.../commons/io/FileUtils.java 2095.
> ----------------------------------------------------------------------------------------------------
>
> Key: IO-474
> URL: https://issues.apache.org/jira/browse/IO-474
> Project: Commons IO
> Issue Type: Bug
> Affects Versions: 2.4
> Environment: Linux
> Reporter: Ananth
>
> We use commons-io-2.4.jar. Recently our Veracode scan points to a cross-site
> scripting vulnerability at org/.../commons/io/FileUtils.java 2095. Do we have
> a recent version that addresses this issue?