This is an automated email from the ASF dual-hosted git repository. zabetak pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/calcite.git
The following commit(s) were added to refs/heads/master by this push: new 20ca53c [CALCITE-5025] Upgrade commons-io version from 2.4 to 2.11.0 20ca53c is described below commit 20ca53c962b1642ac4cda32ffdf1294042e951a8 Author: Scott Reynolds <sreyno...@twilio.com> AuthorDate: Sat Feb 26 18:51:48 2022 -0800 [CALCITE-5025] Upgrade commons-io version from 2.4 to 2.11.0 commons-io versions before 2.7 suffer from CVE-2021-29425 which allows to traverse into the parent directory. Update to a more recent version to avoid the afforementioned security vulnerability and benefit from the other improvements in this library. Close apache/calcite#2734 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index b010dca..76e3b7e 100644 --- a/gradle.properties +++ b/gradle.properties @@ -87,7 +87,7 @@ cassandra-unit.version=4.3.1.0 chinook-data-hsqldb.version=0.1 commons-codec.version=1.13 commons-dbcp2.version=2.6.0 -commons-io.version=2.4 +commons-io.version=2.11.0 commons-lang3.version=3.8 commons-pool2.version=2.6.2 dropwizard-metrics.version=4.0.5