Posted to dev@calcite.apache.org by "Scott Reynolds (Jira)" <ji...@apache.org> on 2022/02/27 02:51:00 UTC
[jira] [Created] (CALCITE-5025) Update commons-io:commons-io Directory Traversal vulnerability
Scott Reynolds created CALCITE-5025:
---------------------------------------
Summary: Update commons-io:commons-io Directory Traversal vulnerability
Key: CALCITE-5025
URL: https://issues.apache.org/jira/browse/CALCITE-5025
Project: Calcite
Issue Type: Bug
Reporter: Scott Reynolds
Calcite depends on commons-io:commons-io 2.4 -- which was released on {{2012-06-12}} -- which can be exploited to access parent directories. In recent months, there have been a fair number of releases for this package and [Snyk lists this as the only vulnerability it has seen|https://snyk.io/vuln/maven:commons-io:commons-io].
Task is simple: bump the version to 2.7 or higher -- if I may suggest just going to 2.11.0.