This is unlikely to happen for only a dependency update, and also since it is simple to override in Maven, Ivy, and so on. Recall that we are volunteers here where each person spends their valuable time as they best see fit ;-)
Gary On Wed, Dec 7, 2022, 10:49 Dennis Kieselhorst <d...@apache.org> wrote: > Hi folks, > > would it be possible to release Commons Fileupload 1.4.1? 1.4 still > contains commons-io 2.2 and requires to explicitly exclude it > (CVE-2021-29425). > > Thanks, > Dennis > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
