[
https://issues.apache.org/jira/browse/MNG-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606275#comment-17606275
]
Michael Osipov commented on MNG-7533:
-------------------------------------
[~khmarbaise] , I think here is nothing to fix. 3.9.0 and master exclude
commons-io already. The JAR isn't on the classpath.
> jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with
> maven v3.8.6
> --------------------------------------------------------------------------------------
>
> Key: MNG-7533
> URL: https://issues.apache.org/jira/browse/MNG-7533
> Project: Maven
> Issue Type: Bug
> Environment: Production
> Reporter: John Roddy
> Priority: Major
> Fix For: 3.9.0, waiting-for-feedback, wontfix-candidate
>
> Attachments: MicrosoftTeams-image (5).png
>
>
> jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with
> maven v3.8.6. We're using the latest for maven which is v3.8.6. Please
> upgrade jar to the latest to remediate the Prisma vulnerability associated
> with maven v3.8.6. Thank you!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
