[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Jira Wed, 12 Apr 2023 09:23:08 -0700


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-17364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andres de la Peña updated CASSANDRA-17364:
------------------------------------------
    Status: Ready to Commit  (was: Review In Progress)

> dependency on commons-io is to 2.6 which has a CVE
> --------------------------------------------------
>
>                 Key: CASSANDRA-17364
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17364
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build
>            Reporter: PJ Fanning
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 5.x
>
>
> Can this be upgraded, ideally to v2.11.0?
> [https://mvnrepository.com/artifact/org.apache.cassandra/cassandra-all/4.0.1]
> [https://github.com/apache/cassandra/blob/trunk/build.xml#L510]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-17364) dependency on commons-io is to 2.6 which has a CVE

Reply via email to