Hi NIST, Gary Gregory here from the Apache Commons project, reporting that https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623 lists version 2.0.0-M4 as vulnerable when it fixes the issue.
Our ticket: https://issues.apache.org/jira/browse/FILEUPLOAD-361 TY, Gary --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
