Well this is the change I'm particularly interested in to have clean
transitive dependencies but looking at the commit logs other useful
things happened as well. The last release happened in 2019. I understand
though that fileupload is implemented differently nowadays and
maintaining this project no longer is a priority.
Dennis
On 2022/12/07 16:01:48 Gary Gregory wrote:
> This is unlikely to happen for only a dependency update, and also
since it
> is simple to override in Maven, Ivy, and so on.
> Recall that we are volunteers here where each person spends their
> valuable time as they best see fit ;-)
>
> Gary
>
> On Wed, Dec 7, 2022, 10:49 Dennis Kieselhorst <de...@apache.org> wrote:
>
> > Hi folks,
> >
> > would it be possible to release Commons Fileupload 1.4.1? 1.4 still
> > contains commons-io 2.2 and requires to explicitly exclude it
> > (CVE-2021-29425).
> >
> > Thanks,
> > Dennis
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
