Hi Cayenne group, The cayenne velocity module seems to be using a vulnerable version of commons-io, via apache-velocity 2.3. An upgrade to 2.4.0/2.4.1 of velocity-core-engine would resolve this.
What would be the correct procedure to help get this updated? I've seen another thread about this topic from a different user, and I think what was recommended is simply to not use cayenne-velocity, but in our project we do some SQL templating which integrates well with it. Thank you, Kelly M-W
