
Re: [io] Black Duck apparently sees vulnerability in 2.5

On Wed, 16 May 2018 07:33:54 -0700, Otto Fowler wrote:
Is there a PMC for IO?

There is a PMC for all of "Commons".
Components are unequal wrt the number of contributors (and
attention they get from the PMC).


On May 16, 2018 at 02:24:44, Stefan Bodewig (bodewig@xxxxxxxxxx) wrote:

Hi all

https://issues.apache.org/jira/browse/IO-559 says BlackDuck would call
IO 2.5 vulnerable because of this issue - so far I've not been able to
verify this claim. I guess it is because of IO-556 that has been closed
as a duplicate of IO-559.

There is a PR (by me) to fix the bug
https://github.com/apache/commons-io/pull/52 - as this is my first
contribution to IO I'd appreciate if anybody else could spare some time
and verify it. I'll rebase it onto master soon.

Also, would there be any reason to not cut a new release from master? I
mean is there any work in progress that needs to be finished?

