Hello Surendra,

You will need to update to Commons IO 2.7 or later; the current version is 2.11.0.

Commons IO 2.4 is based on Java 6, see https://commons.apache.org/proper/commons-io/ for which version requires which Java version. There is no currently planned support for old versions of Commons IO based on Java 6 or 7.

Gary

On Mon, Dec 13, 2021 at 6:08 AM Surendra Pulukuri <[email protected]> wrote:

> Hi Team,
>
> As per this security vulnerability CVE-2021-29425, we are using commons-io
> v2.4 as a 3rd party application in our code base (Java 1.7 compatible), to
> move to the latest version of commons-io where the security vulnerability
> CVE-2021-29425 has been fixed starting from v2.7 OR v2.11.0 both are Java 1.8
> compatible.
>
> Is there any way to use v2.6 (the final version of commons-io which is
> compatible with Java 1.7) with security vulnerability CVE-2021-29425 in it?
> Or are there any plans to make security vulnerability CVE-2021-29425 fix on
> commons-io v2.6?
>
> Please guide us. This is blocking our patch to customers.
>
> Thanks,
> Surendra
