[jira] [Created] (HDDS-5185) Update commons-io to 2.8.0

Wei-Chiu Chuang (Jira) Tue, 04 May 2021 01:56:06 -0700

Wei-Chiu Chuang created HDDS-5185:
-------------------------------------

             Summary: Update commons-io to 2.8.0
                 Key: HDDS-5185
                 URL: https://issues.apache.org/jira/browse/HDDS-5185
             Project: Apache Ozone
          Issue Type: Task
            Reporter: Wei-Chiu Chuang



Similar to HADOOP-17683 we should update despite we don't use the vulnerable 
API.

https://nvd.nist.gov/vuln/detail/CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method 
FileNameUtils.normalize with an improper input string, like "//../foo", or 
"\\..\foo", the result would be the same value, thus possibly providing access 
to files in the parent directory, but not further above (thus "limited" path 
traversal), if the calling code would use the result to construct a path value.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HDDS-5185) Update commons-io to 2.8.0

Reply via email to