[ 
https://issues.apache.org/jira/browse/WW-5131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17354226#comment-17354226
 ] 

ASF subversion and git services commented on WW-5131:
-----------------------------------------------------

Commit afab15b591071e094baf9657b748827458ae41dc in struts's branch 
refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=afab15b ]

WW-5131 Upgrades commons-io to version 2.9.0


> Upgrade commons-io to version 2.9
> ---------------------------------
>
>                 Key: WW-5131
>                 URL: https://issues.apache.org/jira/browse/WW-5131
>             Project: Struts 2
>          Issue Type: Dependency
>            Reporter: Lukasz Lenart
>            Priority: Major
>             Fix For: 2.6
>
>
> Apache Commons IO 2.6 has a known vulnerability CVE-2021-29425 - yet upgrade 
> requires to use Java 8 which can be only done in Struts 2.6. 
> Users os Struts 2.5.x should upgrade commons-io manually when running on Java 
> 8.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to