From 69ce1623147a1f86a4423170d3028016790c381b Mon Sep 17 00:00:00 2001 From: Zach Chuba Date: Tue, 3 Dec 2024 15:40:31 -0500 Subject: [PATCH] Bump commons-io version to 2.18.0 Addresses a potential ReDos security vulnerability with commons-io --- distribution/server/src/assemble/LICENSE.bin.txt | 2 +- distribution/shell/src/assemble/LICENSE.bin.txt | 2 +- pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 21422a41dcef9..ae7ffaa7fc9e3 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -285,7 +285,7 @@ The Apache Software License, Version 2.0 - commons-cli-commons-cli-1.5.0.jar - commons-codec-commons-codec-1.15.jar - commons-configuration-commons-configuration-1.10.jar - - commons-io-commons-io-2.14.0.jar + - commons-io-commons-io-2.18.0.jar - commons-lang-commons-lang-2.6.jar - commons-logging-commons-logging-1.1.1.jar - org.apache.commons-commons-collections4-4.4.jar diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index a21c272f91b1d..0b3809431df1c 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -340,7 +340,7 @@ The Apache Software License, Version 2.0 * Apache Commons - commons-codec-1.15.jar - commons-configuration-1.10.jar - - commons-io-2.14.0.jar + - commons-io-2.18.0.jar - commons-lang-2.6.jar - commons-logging-1.2.jar - commons-lang3-3.11.jar diff --git a/pom.xml b/pom.xml index 54744a253bb2b..34ba8e909d4ea 100644 --- a/pom.xml +++ b/pom.xml @@ -218,7 +218,7 @@ flexible messaging model and an intuitive client API. 2.12.1 3.11 1.10 - 2.14.0 + 2.18.0 1.15 2.1.6 2.1.9