Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

update image extension commons-io

Description

The image extension bundles commons-io 2.11.0 which is subject to CVE-2024-47554 (showing up on docker scout https://hub.docker.com/layers/lucee/lucee/6.2.0.142-SNAPSHOT-nginx/images/sha256-d3f8b136909b31c0c2c203df30f8e3aaf4c9c4ea7246e4694b6120d704b386cc?context=repo )

https://github.com/lucee/extension-image/tree/master/source/java/libs

Lucee bundles 2.16.0 (latest is 2.17.0)

is commons-io required for the image extension? It's not in the manifest

https://github.com/lucee/extension-image/blob/master/source/java/src/META-INF/MANIFEST.MF

Activity

Show:

Zac Spitzer last week

https://github.com/lucee/extension-image/pull/31

Details
Assignee
Zac Spitzer
Reporter
Zac Spitzer
Labels
image
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
6.2.1
Priority
New

Created 30 October 2024 at 12:08

Updated last week

Flag notifications

Something's gone wrong

Looks like you've been signed out. Try logging in again.

Something's gone wrong

Looks like you've been signed out. Try logging in again.