[jira] [Closed] (MNG-7507) Upgrade commons io to 2.7

Michael Osipov (Jira) Thu, 30 Jun 2022 09:35:05 -0700


     [ 
https://issues.apache.org/jira/browse/MNG-7507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Michael Osipov closed MNG-7507.
-------------------------------
    Resolution: Won't Fix

Upgrade won't happen. Maven 3.8.x uses Java 7 while Commons IO 2.7 requires 
Java 8.

> Upgrade commons io to 2.7
> -------------------------
>
>                 Key: MNG-7507
>                 URL: https://issues.apache.org/jira/browse/MNG-7507
>             Project: Maven
>          Issue Type: Dependency upgrade
>          Components: Dependencies
>    Affects Versions: 3.8.6
>            Reporter: Peter Bower
>            Priority: Major
>
>  Maven 3.8.6 distributes ./apache-maven-3.8.6/lib/commons-io-2.6.jar. This 
> jar is vulnerable to CVE-2021-29425.
> Are there plans to upgrade to commons io 2.7 in the next version of maven ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (MNG-7507) Upgrade commons io to 2.7

Reply via email to