You can add a new version of commons-io as a dependency of the plugin in
this case.
This should reduce the noise of your scanning tool (as I guess it’s what
you are naming as a vulnerability :) )

On Tue, 29 Oct 2024 at 2:25 pm, Derek Cordeiro <de...@outlook.in> wrote:

> I'm not using it directly. It's a dependency of the jacoco maven plugin (
> https://mvnrepository.com/artifact/org.jacoco/jacoco-maven-plugin/0.8.12)
> that we use to generate reports.
>
> Best,
> Derek
> ________________________________
> From: Tamás Cservenák <ta...@cservenak.net>
> Sent: Tuesday, October 29, 2024 3:00 AM
> To: Maven Users List <users@maven.apache.org>
> Subject: Re: maven file management uses vulnerable commons-io
>
> Sorry for the noise, but isn't file-management deprecated?
> We just don't want yet-another-burden to maintain...
>
> Derek, what do you use from file-management?
>
> Thanks
> T
>
> On Mon, Oct 28, 2024 at 9:46 PM Slawomir Jaranowski
> <s.jaranow...@gmail.com> wrote:
> >
> > Hi,
> >
> > Thanks for the info.
> >
> > I have added it to my release queue. I will release it in my free time.
> >
> > On Mon, 28 Oct 2024 at 18:16, Derek Cordeiro <de...@outlook.in> wrote:
> > >
> > > Hello,
> > >
> > > We use jacoco that uses maven file management 3.1.0 (
> > > https://mvnrepository.com/artifact/org.apache.maven.shared/file-management/3.1.0)
> > > and got a report that it is using a vulnerable version of commons-io. I see
> > > that the current branch in github already has a much newer version of
> > > commons-io. Will a new version be released soon?
> > >
> > > Best,
> > > Derek
> > >
> >
> >
> > --
> > Sławomir Jaranowski
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> > For additional commands, e-mail: users-h...@maven.apache.org
> >
>
>
>
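
The override suggested in the top reply, as an added example that is not part of the original thread: a `pom.xml` fragment that declares commons-io as a dependency of the jacoco plugin itself, so the plugin's classpath resolves the newer version instead of the one pulled in through file-management 3.1.0. The property name and its `REPLACE_WITH_FIXED_VERSION` value are placeholders; the thread does not name a fixed version.

```xml
<project>
  <!-- ...existing project coordinates... -->

  <properties>
    <!-- Placeholder: set to the commons-io release your scanner reports as fixed -->
    <commons-io.version>REPLACE_WITH_FIXED_VERSION</commons-io.version>
  </properties>

  <build>
    <plugins>
      <plugin>
        <groupId>org.jacoco</groupId>
        <artifactId>jacoco-maven-plugin</artifactId>
        <version>0.8.12</version>
        <!--
          Dependencies declared here apply to the plugin's own classpath,
          not to the project's compile or runtime classpath. The declared
          version takes precedence over the commons-io version that arrives
          transitively via org.apache.maven.shared:file-management.
        -->
        <dependencies>
          <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>${commons-io.version}</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>
```

Running `mvn dependency:resolve-plugins` afterwards lists the artifacts each plugin resolves, which confirms whether the jacoco plugin now picks up the overridden commons-io version.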
