[ https://issues.apache.org/jira/browse/FOP-3051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511145#comment-17511145 ]
Simon Steiner commented on FOP-3051: ------------------------------------ You can exclude commons-io from fop in your pom file <dependency> <groupId>xx</groupId> <artifactId>xx</artifactId> <version>xx</version> <exclusions> <exclusion> <groupId>xx</groupId> <artifactId>xx</artifactId> </exclusion> </exclusions> </dependency> > Upgrade to Commons IO 2.11 > -------------------------- > > Key: FOP-3051 > URL: https://issues.apache.org/jira/browse/FOP-3051 > Project: FOP > Issue Type: Bug > Reporter: PJ Fanning > Assignee: Simon Steiner > Priority: Major > Fix For: trunk > > > [https://mvnrepository.com/artifact/org.apache.xmlgraphics/xmlgraphics-commons/2.7] > v2.7 depends on a commons-io release that has a CVE > -- This message was sent by Atlassian Jira (v8.20.1#820001)