[jira] [Commented] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Brandon Williams (Jira) Thu, 06 Apr 2023 13:56:08 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17709498#comment-17709498
 ]


Brandon Williams commented on CASSANDRA-17364:
----------------------------------------------

Finally got back around this, but I come bearing:

||Branch||CI||
|[trunk|https://github.com/driftx/cassandra/tree/CASSANDRA-17364-trunk]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/967/workflows/1fda9e69-ddcf-43c4-b1e1-d7df368fc648],
 
[j11|https://app.circleci.com/pipelines/github/driftx/cassandra/967/workflows/62aeeef8-e419-4d0c-8246-bc2b3068c7ad]|

Perfectly clean CI on 2.11.0.

> dependency on commons-io is to 2.6 which has a CVE
> --------------------------------------------------
>
>                 Key: CASSANDRA-17364
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17364
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build
>            Reporter: PJ Fanning
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 5.x
>
>
> Can this be upgraded, ideally to v2.11.0?
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.0.1]
> [https://github.com/apache/cassandra/blob/trunk/build.xml#L510]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Commented] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Reply via email to