[ https://issues.apache.org/jira/browse/MNG-7513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17567676#comment-17567676 ]
Sylwester Lachiewicz commented on MNG-7513: ------------------------------------------- we do not deliver commons-io.jar with maven dist. Could you specify what exactly dependency pull this commons-io (maybe screenshot with dependency tree?) > Address commons-io_commons-io vulnerability found in maven latest version > ------------------------------------------------------------------------- > > Key: MNG-7513 > URL: https://issues.apache.org/jira/browse/MNG-7513 > Project: Maven > Issue Type: Task > Affects Versions: 3.8.6 > Reporter: Polu Ram Charan Teja > Priority: Major > > In the maven latest version 3.8.6 one dependency is identified with known > vulnerabilities in commons-io-2.6.jar CVE-2021-29425. so please suggest if > you have plan to upgrade commons-io to latest version as we are getting > impacted due to security checks -- This message was sent by Atlassian Jira (v8.20.10#820010)