[
https://issues.apache.org/jira/browse/FELIX-6391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17294377#comment-17294377
]
Carsten Ziegeler commented on FELIX-6391:
-----------------------------------------
Thanks [~akanksha88] - I've updated the title of this issue as the mentioned
method from IO-556 is not used in http.jetty and therefore the release is not
vulnerable to the mentioned issues. The packages are not available to other
bundles, so there is no risk.
Nevertheless, we should update.
> Update embedded commons-io to 2.8.0
> -----------------------------------
>
> Key: FELIX-6391
> URL: https://issues.apache.org/jira/browse/FELIX-6391
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-4.1.4
> Reporter: Akanksha Jain
> Priority: Major
> Fix For: http.jetty-4.1.6
>
> Attachments: sonatype-2018-0705.png
>
>
> Apache Felix Http Jetty: 4.1.4 has embedded commons-io.2.6.jar which is
> vulnerable to
> "sonatype-2018-0705".
> The vulnerability has been fixed in commons-io: 2.7.
> Related Commons-io JIRA: https://issues.apache.org/jira/browse/IO-556
> Need to update commons-io to the latest version in the Apache Felix HTTP Jetty module.
>
>