You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Brandon Williams (Jira)" <ji...@apache.org> on 2022/02/09 14:22:00 UTC
[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE
[ https://issues.apache.org/jira/browse/CASSANDRA-17364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams updated CASSANDRA-17364:
-----------------------------------------
Change Category: Operability
Complexity: Low Hanging Fruit
Component/s: Build
Fix Version/s: 4.x
Status: Open (was: Triage Needed)
> dependency on commons-io is to 2.6 which has a CVE
> --------------------------------------------------
>
> Key: CASSANDRA-17364
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17364
> Project: Cassandra
> Issue Type: Improvement
> Components: Build
> Reporter: PJ Fanning
> Priority: Normal
> Fix For: 4.x
>
>
> Can this be upgraded, ideally to v2.11.0?
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.0.1]
> [https://github.com/apache/cassandra/blob/trunk/build.xml#L510]
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org