[jira] [Commented] (CAY-2893) Update velocity-engine-core dependency

Kelly Mercier-White (Jira) Thu, 04 Sep 2025 05:00:24 -0700


    [ 
https://issues.apache.org/jira/browse/CAY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18018057#comment-18018057
 ]


Kelly Mercier-White commented on CAY-2893:
------------------------------------------

Thanks for the resolution [~ntimofeev].

Do we have any estimate on when 4.2.3 might be released with this component 
updated?

> Update velocity-engine-core dependency
> --------------------------------------
>
>                 Key: CAY-2893
>                 URL: https://issues.apache.org/jira/browse/CAY-2893
>             Project: Cayenne
>          Issue Type: Improvement
>            Reporter: Kelly Mercier-White
>            Assignee: Nikita Timofeev
>            Priority: Major
>             Fix For: 4.2.3, 5.0-M2
>
>
> The current velocity-engine-core version pulls a vulnerable commons-io 
> package. Upgrading velocity-engine-core to 2.4.0/2.4.1 would resolve this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CAY-2893) Update velocity-engine-core dependency

Reply via email to