commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Otto Fowler <ottobackwa...@gmail.com>
Subject Re: [io] Black Duck apparently sees vulnerability in 2.5
Date Wed, 16 May 2018 14:33:54 GMT
Is there a PMC for IO?


On May 16, 2018 at 02:24:44, Stefan Bodewig (bodewig@apache.org) wrote:

Hi all

https://issues.apache.org/jira/browse/IO-559 says BlackDuck would call
IO 2.5 vulnerable because of this issue - so far I've not been able to
verify this claim. I guess it is because of IO-556 that has been closed
as a duplicate of IO-559.

There is a PR (by me) to fix the bug
https://github.com/apache/commons-io/pull/52 - as this is my first
contribution to IO I'd appreciate if anybody else could spare some time
and verify it. I'll rebase it onto master soon.

Also, would there be any reason to not cut a new release from master? I
mean is there any work in progress that needs to be finished?

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message