RE: Security issue in commons-fileup.load version 1.4 .

2021-06-03 Thread Singh, Randeep
Hi Colleagues,

Any updates you may have would be greatly appreciated.

Best Regards
Randeep

From: Singh, Randeep
Sent: May 27, 2021 7:45 pm
To: user@commons.apache.org
Subject: Security issue in commons-fileup.load version 1.4 .

Hi All,

This is regarding one of the security issues that is reported

Re: Security issue in commons-fileup.load version 1.4 .

2021-05-28 Thread Gilles Sadowski
On Fri, 28 May 2021 at 18:42, Jurrie Overgoor wrote:
>> [...]
> [...]
>
> In the end this would all be 'fixed' when a release would be less work.
> At the risk of igniting a fierce discussion: why are Apache releases so
> much work?

Perhaps not so much work but, effectively in the "Commons"

Re: Security issue in commons-fileup.load version 1.4 .

2021-05-28 Thread Jurrie Overgoor
On 27-05-2021 18:05, Mark Thomas wrote:
On 27/05/2021 16:29, Matt Sicker wrote:
As the user, you have ultimate control over transitive dependency versions that end up in your application. Using Maven, for example, you can override the commons-fileupload dependency on commons-io to the latest

Re: Security issue in commons-fileup.load version 1.4 .

2021-05-27 Thread Mark Thomas
On 27/05/2021 16:29, Matt Sicker wrote:
As the user, you have ultimate control over transitive dependency versions that end up in your application. Using Maven, for example, you can override the commons-fileupload dependency on commons-io to the latest release. I don't think anyone here wants to

Re: Security issue in commons-fileup.load version 1.4 .

2021-05-27 Thread Matt Sicker
As the user, you have ultimate control over transitive dependency versions that end up in your application. Using Maven, for example, you can override the commons-fileupload dependency on commons-io to the latest release. I don't think anyone here wants to go through an entire release for a

Security issue in commons-fileup.load version 1.4 .

2021-05-27 Thread Singh, Randeep
Hi All,

This is regarding one of the security issues that is reported in our component, which is coming from the commons-io (2.2) lib transitive dependency via commons-fileupload. It seems this is fixed in commons-io (2.7) or above. Hence, would it be possible to bump the version of commons-io to 2.8 or