[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[io] Black Duck apparently sees vulnerability in 2.5

Hi all

https://issues.apache.org/jira/browse/IO-559 says BlackDuck would call
IO 2.5 vulnerable because of this issue - so far I've not been able to
verify this claim. I guess it is because of IO-556 that has been closed
as a duplicate of IO-559.

There is a PR (by me) to fix the bug
https://github.com/apache/commons-io/pull/52 - as this is my first
contribution to IO I'd appreciate if anybody else could spare some time
and verify it. I'll rebase it onto master soon.

Also, would there be any reason to not cut a new release from master? I
mean is there any work in progress that needs to be finished?


To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxxxx