On 09/07/2021 15:11, Daniel Wille wrote:
> Hi all,
>
> I recently noted that commons-fileupload:commons-fileupload:1.4 has a
> dependency on commons-io:commons-io:2.2, which has a CVE (CVE-2021-29425).
> This could be mitigated by simply updating the dependency version to 2.7 or
> later. Would it be possible to publish a newer version of
> commons-fileupload with these changes?

Mitigate what?

Commons FileUpload doesn't use the code in Commons IO affected by CVE-2021-29425.

Mark
