This is an automated email from the ASF dual-hosted git repository.
zabetak pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/calcite.git
The following commit(s) were added to refs/heads/master by this push:
new 20ca53c [CALCITE-5025] Upgrade commons-io version from 2.4 to 2.11.0
20ca53c is described below
commit 20ca53c962b1642ac4cda32ffdf1294042e951a8
Author: Scott Reynolds <sreyno...@twilio.com>
AuthorDate: Sat Feb 26 18:51:48 2022 -0800
[CALCITE-5025] Upgrade commons-io version from 2.4 to 2.11.0
commons-io versions before 2.7 suffer from CVE-2021-29425 which allows
to traverse into the parent directory.
Update to a more recent version to avoid the afforementioned security
vulnerability and benefit from the other improvements in this library.
Close apache/calcite#2734
---
gradle.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index b010dca..76e3b7e 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -87,7 +87,7 @@ cassandra-unit.version=4.3.1.0
chinook-data-hsqldb.version=0.1
commons-codec.version=1.13
commons-dbcp2.version=2.6.0
-commons-io.version=2.4
+commons-io.version=2.11.0
commons-lang3.version=3.8
commons-pool2.version=2.6.2
dropwizard-metrics.version=4.0.5
