Peter Bower created MNG-7507:
--------------------------------

             Summary: Upgrade commons io to 2.7
                 Key: MNG-7507
                 URL: https://issues.apache.org/jira/browse/MNG-7507
             Project: Maven
          Issue Type: Dependency upgrade
          Components: Dependencies
    Affects Versions: 3.8.6
            Reporter: Peter Bower

Maven 3.8.6 distributes ./apache-maven-3.8.6/lib/commons-io-2.6.jar. This jar is vulnerable to CVE-2021-29425.

Are there plans to upgrade to commons io 2.7 in the next version of Maven?

--
This message was sent by Atlassian Jira
(v8.20.10#820010)