[jira] [Closed] (CAY-2893) Update velocity-engine-core dependency

Nikita Timofeev (Jira) Wed, 27 Aug 2025 08:07:49 -0700


     [ 
https://issues.apache.org/jira/browse/CAY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nikita Timofeev closed CAY-2893.
--------------------------------
    Fix Version/s: 4.2.3
                   5.0-M2
         Assignee: Nikita Timofeev
       Resolution: Fixed

*5.0*: 
https://github.com/apache/cayenne/commit/a563b9782bbdcf50566c1d763d151df6942edb50
*4.2*: 
https://github.com/apache/cayenne/commit/5488fe4e93c3f22dbb079e2ee703afb01d288dfb

> Update velocity-engine-core dependency
> --------------------------------------
>
>                 Key: CAY-2893
>                 URL: https://issues.apache.org/jira/browse/CAY-2893
>             Project: Cayenne
>          Issue Type: Improvement
>            Reporter: Kelly Mercier-White
>            Assignee: Nikita Timofeev
>            Priority: Major
>             Fix For: 4.2.3, 5.0-M2
>
>
> The current velocity-engine-core version pulls a vulnerable commons-io 
> package. Upgrading velocity-engine-core to 2.4.0/2.4.1 would resolve this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (CAY-2893) Update velocity-engine-core dependency

Reply via email to