[
https://issues.apache.org/jira/browse/WW-5131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart resolved WW-5131.
-------------------------------
Resolution: Fixed
> Upgrade commons-io to version 2.9
> ---------------------------------
>
> Key: WW-5131
> URL: https://issues.apache.org/jira/browse/WW-5131
> Project: Struts 2
> Issue Type: Dependency
> Reporter: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
>
> Apache Commons IO 2.6 has a known vulnerability CVE-2021-29425 - yet upgrade
> requires to use Java 8 which can be only done in Struts 2.6.
> Users os Struts 2.5.x should upgrade commons-io manually when running on Java
> 8.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)