You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Dennis Kieselhorst (Jira)" <ji...@apache.org> on 2023/07/09 18:17:00 UTC

[jira] [Commented] (FILEUPLOAD-343) Update Project Version

    [ https://issues.apache.org/jira/browse/FILEUPLOAD-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741409#comment-17741409 ] 

Dennis Kieselhorst commented on FILEUPLOAD-343:
-----------------------------------------------

To be resolved, release 1.5 is out for a while.

> Update Project Version
> ----------------------
>
>                 Key: FILEUPLOAD-343
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-343
>             Project: Commons FileUpload
>          Issue Type: Wish
>            Reporter: Gabryel Monteiro
>            Priority: Minor
>
> Hello,
>  
> It seems the last released version was released three years ago as 1.4. It seems to be really sad, as there are further updates in the repository that are not reflected in this release.
> One of those problems would be the fact that the commons-io version in the version 1.4 is a vulnerable one, that has a CVE. This doesn't happen in the main repository.
> It would be very interesting that you could upload a version 1.5 of the library in the current state, so other projects could use a more recent version and be more protected. At the moment I am using the io.github.openfeign.form:feign-form-spring library and I have to manually override the commons-io version, so the problem is avoided.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)