Apache commons-io version update

[trcoelho]

By using Spring boot 3.4.2 and Spring Cloud (2024.0.0) one of its dependencies is Apache Commons IO (2.11.0). Any schedule to update to its lates considering that 2.11.0 version got a CVE (https://mvnrepository.com/artifact/commons-io/commons-io/2.11.0)?

More details:
GHSA-78wr-2p64-hpwj

Thanks in advance.

[OlgaMaciaszek]

Hello @trcoelho, thanks for reporting the issue. It looks like the version is actually brought about by feign-form-spring. I'll add an exclusion, since we're also adding 2.18.0 explicitly.