You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Akanksha Jain (Jira)" <ji...@apache.org> on 2021/03/03 08:41:00 UTC

[jira] [Commented] (FELIX-6391) Update embedded commons-io to 2.8.0

    [ https://issues.apache.org/jira/browse/FELIX-6391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17294376#comment-17294376 ] 

Akanksha Jain commented on FELIX-6391:
--------------------------------------

[~cziegeler]
Updated Apache Commons IO latest version - 2.8.0 in Apache Felix Http Jetty
PR: https://github.com/apache/felix-dev/pull/72

Request you to review it, and if it looks fine, Please merge it to master.

> Update embedded commons-io to 2.8.0
> -----------------------------------
>
>                 Key: FELIX-6391
>                 URL: https://issues.apache.org/jira/browse/FELIX-6391
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http.jetty-4.1.4
>            Reporter: Akanksha Jain
>            Priority: Major
>             Fix For: http.jetty-4.1.6
>
>         Attachments: sonatype-2018-0705.png
>
>
> Apache Felix Http Jetty: 4.1.4 has embedded commons-io.2.6.jar which is vulnerable to 
> "sonatype-2018-0705". 
> The vulnerability has been fixed in commons-io: 2.7.
> Related Commons-io JIRA: https://issues.apache.org/jira/browse/IO-556
> Need to update commons-io latest version in Apache Felix HTTP Jetty module.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)