Apache Commons IO Security Update: CVE-2021-29425

Description

Apache Commons IO has a CVE recommending updating to 2.7 or higher. I've marked this as a minor priority since we do not use the affected API directly (FileNameUtils.normalize) but without auditing everything dependencies do, it's best to upgrade just in case.

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Show:

Benjamin Reed May 5, 2021 at 8:43 PM

fixed in foundation-2018

Fixed

Details
Assignee
Benjamin Reed
Reporter
Benjamin Reed
Labels
horizon-sprint
Sprint
None
Fix versions
Meridian-2018.1.28
Meridian-2019.1.19
Meridian-2020.1.8
27.2.0
Affects versions
Meridian-2018.1.27
Meridian-2019.1.18
Meridian-2020.1.7
27.1.1
Priority
Minor

PagerDuty

Created May 5, 2021 at 7:15 PM

Updated May 18, 2021 at 7:47 PM

Resolved May 5, 2021 at 8:43 PM

Apache Commons IO Security Update: CVE-2021-29425

Description

Acceptance / Success Criteria

Lucidchart Diagrams

Activity

Benjamin Reed May 5, 2021 at 8:43 PM

DetailsAssigneeBenjamin ReedBenjamin ReedReporterBenjamin ReedBenjamin ReedLabelshorizon-sprintSprintNone+1Fix versionsMeridian-2018.1.28Meridian-2019.1.19Meridian-2020.1.827.2.0Affects versionsMeridian-2018.1.27Meridian-2019.1.18Meridian-2020.1.727.1.1PriorityMinor

Details

Assignee

Reporter

Labels

Sprint

Fix versions

Affects versions

Priority

PagerDutyPagerDuty Incident

PagerDuty

Details
Assignee
Benjamin Reed
Reporter
Benjamin Reed
Labels
horizon-sprint
Sprint
None
Fix versions
Meridian-2018.1.28
Meridian-2019.1.19
Meridian-2020.1.8
27.2.0
Affects versions
Meridian-2018.1.27
Meridian-2019.1.18
Meridian-2020.1.7
27.1.1
Priority
Minor

PagerDuty