Re: maven file management uses vulnerable commons-io

Derek Cordeiro Mon, 28 Oct 2024 21:25:48 -0700

I'm not using it directly. Its a dependency to jacoco maven 
plugin(https://mvnrepository.com/artifact/org.jacoco/jacoco-maven-plugin/0.8.12)
 that we use to generate reports.


Best,
Derek
________________________________
From: Tamás Cservenák <ta...@cservenak.net>
Sent: Tuesday, October 29, 2024 3:00 AM
To: Maven Users List <users@maven.apache.org>
Subject: Re: maven file management uses vulnerable commons-io

Sorry for the noise, but isn't file-management deprecated?
We just don't want yet-another-burden to maintain...

Derek, what do you use from file-management?

Thanks
T

On Mon, Oct 28, 2024 at 9:46 PM Slawomir Jaranowski
<s.jaranow...@gmail.com> wrote:
>
> Hi,
>
> Thanks for the info.
>
> I have added to my release queue. I will release it in my free time.
>
> On Mon, 28 Oct 2024 at 18:16, Derek Cordeiro <de...@outlook.in> wrote:
> >
> > Hello,
> >
> > We use jacoco that uses maven file management 3.1.0 
> > (https://mvnrepository.com/artifact/org.apache.maven.shared/file-management/3.1.0)
> >  and got a report that it is using a vulnerable version of commons-io. I 
> > see that the current branch in github already has a much newer version of 
> > commons-io. Will a new version be released soon?
> >
> > Best,
> > Derek
> >
>
>
> --
> Sławomir Jaranowski
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: maven file management uses vulnerable commons-io

Reply via email to