Closed epischel closed 2 years ago
I’m curious - what are the issues with commons-io
I ask as I’ve just had to revert from 2.11 to 2.8 because of issues with the method relating to directory lists.
On 26 Apr 2022, at 07:43, Erik Pischel @.***> wrote:
There is a 0.7.9 version out with at least commons-io and http-client libs upgraded to avoid vulnerabilities.
I can't see this comming from this repo. Is 0.7.9 official?
— Reply to this email directly, view it on GitHub https://github.com/harwey/cups4j/issues/61, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4Z2TSCQZC2V7FFQITYDCTVG6GBHANCNFSM5UKYSKVA. You are receiving this because you are subscribed to this thread.
https://issues.apache.org/jira/projects/IO/issues/IO-755?filter=allopenissues https://issues.apache.org/jira/projects/IO/issues/IO-755?filter=allopenissues
David Garratt @.***
www.commander4j.com
Please consider your environmental responsibility before printing emails.
On 26 Apr 2022, at 08:36, Erik Pischel @.***> wrote:
commons-io 2.6 has a CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425 — Reply to this email directly, view it on GitHub https://github.com/harwey/cups4j/issues/61#issuecomment-1109452411, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4Z2TVL2LGHM3PGLTY745DVG6MHTANCNFSM5UKYSKVA. You are receiving this because you commented.
Dependencies: cups4j 0.7.8 vs cups4j 0.7.9
I published this Version on April 2.
Thank you
There is a 0.7.9 version out with at least commons-io and http-client libs upgraded to avoid vulnerabilities.
I can't see this comming from this repo. Is 0.7.9 official?