[ https://issues.apache.org/jira/browse/FILEUPLOAD-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741407#comment-17741407 ]
Dennis Kieselhorst commented on FILEUPLOAD-347: ----------------------------------------------- This can be resolved as Release 1.5 is available for a while. > CVE in commons-io versions less than 2.7 > ----------------------------------------- > > Key: FILEUPLOAD-347 > URL: https://issues.apache.org/jira/browse/FILEUPLOAD-347 > Project: Commons FileUpload > Issue Type: Task > Affects Versions: 1.4 > Environment: java 17 on macos > Reporter: Michael Brewer > Priority: Major > Attachments: Screen Shot 2022-07-17 at 10.19.06 AM.png > > > Current version of commons-fileupload depends on common-io 2.2 which has a > medium level CVE. Looks like the github unreleased version is already using > the latest, so once this is released the CVE should go away. -- This message was sent by Atlassian Jira (v8.20.10#820010)