[
https://issues.apache.org/jira/browse/MNG-7513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17567335#comment-17567335
]
Michael Osipov commented on MNG-7513:
-------------------------------------
Whatever PSE exception...Upgrade to 2.7 cannot happen in 3.8.7 because we have
Java 7 baseline. Any upgrade of Commons IO requires Java 8. Therefore, you need
to solve the problem yourself. I recommend you to check whether a 3.9.0
snapshot fixes the issue. I am certain it does.
> Address commons-io_commons-io vulnerability found in maven latest version
> -------------------------------------------------------------------------
>
> Key: MNG-7513
> URL: https://issues.apache.org/jira/browse/MNG-7513
> Project: Maven
> Issue Type: Task
> Affects Versions: 3.8.6
> Reporter: Polu Ram Charan Teja
> Priority: Major
>
> In the maven latest version 3.8.6 one dependency is identified with known
> vulnerabilities in commons-io-2.6.jar CVE-2021-29425. so please suggest if
> you have plan to upgrade commons-io to latest version as we are getting
> impacted due to security checks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
