Scott Reynolds created CALCITE-5025: ---------------------------------------
Summary: Update commons-io:commons-io Directory Travesal vulnerabliltiy Key: CALCITE-5025 URL: https://issues.apache.org/jira/browse/CALCITE-5025 Project: Calcite Issue Type: Bug Reporter: Scott Reynolds Calcite depends commons-io:commons-io 2.4 – which was released on {{2012-06-12}} -- which can be exploited to access parent directories. In recent months, there have been a fair number of releases for this package and [Synk lists this as the only vulnerability it has seen|https://snyk.io/vuln/maven:commons-io:commons-io]. Task is simple, bump the version to 2.7 or higher -- if I may suggest just going to 2.11.0. -- This message was sent by Atlassian Jira (v8.20.1#820001)