You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Brandon Williams (Jira)" <ji...@apache.org> on 2022/02/09 14:22:00 UTC

[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

     [ https://issues.apache.org/jira/browse/CASSANDRA-17364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brandon Williams updated CASSANDRA-17364:
-----------------------------------------
    Change Category: Operability
         Complexity: Low Hanging Fruit
        Component/s: Build
      Fix Version/s: 4.x
             Status: Open  (was: Triage Needed)

> dependency on commons-io is to 2.6 which has a CVE
> --------------------------------------------------
>
>                 Key: CASSANDRA-17364
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17364
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build
>            Reporter: PJ Fanning
>            Priority: Normal
>             Fix For: 4.x
>
>
> Can this be upgraded, ideally to v2.11.0?
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.0.1]
> [https://github.com/apache/cassandra/blob/trunk/build.xml#L510]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org