who published 0.7.9?

[epischel]

There is a 0.7.9 version out with at least commons-io and http-client libs upgraded to avoid vulnerabilities.

I can't see this comming from this repo. Is 0.7.9 official?

[C4J]

I’m curious - what are the issues with commons-io

I ask as I’ve just had to revert from 2.11 to 2.8 because of issues with the method relating to directory lists.

On 26 Apr 2022, at 07:43, Erik Pischel @.***> wrote:

There is a 0.7.9 version out with at least commons-io and http-client libs upgraded to avoid vulnerabilities.

I can't see this comming from this repo. Is 0.7.9 official?

— Reply to this email directly, view it on GitHub https://github.com/harwey/cups4j/issues/61, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4Z2TSCQZC2V7FFQITYDCTVG6GBHANCNFSM5UKYSKVA. You are receiving this because you are subscribed to this thread.

[epischel]

commons-io 2.6 has a CVE

[C4J]

https://issues.apache.org/jira/projects/IO/issues/IO-755?filter=allopenissues https://issues.apache.org/jira/projects/IO/issues/IO-755?filter=allopenissues

David Garratt @.***

www.commander4j.com

Please consider your environmental responsibility before printing emails.

On 26 Apr 2022, at 08:36, Erik Pischel @.***> wrote:

commons-io 2.6 has a CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425 — Reply to this email directly, view it on GitHub https://github.com/harwey/cups4j/issues/61#issuecomment-1109452411, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4Z2TVL2LGHM3PGLTY745DVG6MHTANCNFSM5UKYSKVA. You are receiving this because you commented.

[epischel]

Dependencies: cups4j 0.7.8 vs cups4j 0.7.9

[harwey]

I published this Version on April 2.

[epischel]

Thank you