Fix CVE-2024-47554 for apache-commons-io (#10708)

microsoft · Oct 15, 2024 · 4517ec0 · 4517ec0
1 parent ca21053
commit 4517ec0
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 19 deletions.
diff --git a/SPECS-EXTENDED/apache-commons-io/apache-commons-io-build.xml b/SPECS-EXTENDED/apache-commons-io/apache-commons-io-build.xml
@@ -10,7 +10,7 @@
 
   <property name="project.groupId" value="commons-io"/>
   <property name="project.artifactId" value="commons-io"/>
-  <property name="project.version" value="2.8.0"/>
+  <property name="project.version" value="2.14.0"/>
   <property name="project.name" value="Apache Commons IO"/>
   <property name="project.description" value="The Apache Commons IO library 
 contains utility classes, stream implementations, file filters, 

diff --git a/SPECS-EXTENDED/apache-commons-io/apache-commons-io.signatures.json b/SPECS-EXTENDED/apache-commons-io/apache-commons-io.signatures.json
@@ -1,7 +1,7 @@
 {
  "Signatures": {
-  "apache-commons-io-build.xml": "3661f04824b5f93033dfc9f993a97f1435ff467f7e3cf5e2846f2d63a690ad3b",
-  "commons-io-2.8.0-src.tar.gz": "1e44c2b038bf825526305f0320b2e24dce039f399968326aab30c475ab765612",
-  "commons-io-2.8.0-src.tar.gz.asc": "5df617e9034a4e31cf7671af111edae1537dd14dc8d5e2fa4392a038f912df61"
+  "apache-commons-io-build.xml": "d7daa228b59ff41d5917745a77732bd31dc38dc1cea4edf1f65879c8ab82c4a2",
+  "commons-io-2.14.0-src.tar.gz": "306d53e907f491b9ac6b0e74e6ad9d8cbc0cf1b024cfb21df59a0c486fd181bc",
+  "commons-io-2.14.0-src.tar.gz.asc": "e46f87969e7accfa80aa194207c47d213730bc2427fb8ce7affbbfef5c3d1ec5"
  }
 }
diff --git a/SPECS-EXTENDED/apache-commons-io/apache-commons-io.spec b/SPECS-EXTENDED/apache-commons-io/apache-commons-io.spec
@@ -22,8 +22,8 @@ Distribution:   Mariner
 %define short_name      commons-%{base_name}
 %bcond_with tests
 Name:           apache-%{short_name}
-Version:        2.8.0
-Release:        2%{?dist}
+Version:        2.14.0
+Release:        1%{?dist}
 Summary:        Utilities to assist with developing IO functionality
 License:        Apache-2.0
 Group:          Development/Libraries/Java
@@ -93,6 +93,10 @@ cp -pr target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}
 %doc %{_javadocdir}/%{name}
 
 %changelog
+* Mon Oct 7 2024 Bhagyashri Pathak <[email protected]> - 2.14.0-1
+- Upgrade to 2.14.0 to fix the CVE-2024-47554.
+- License verified
+
 * Thu Oct 14 2021 Pawel Winogrodzki <[email protected]> - 2.8.0-2
 - Converting the 'Release' tag to the '[number].[distribution]' format.
 

diff --git a/SPECS-EXTENDED/apache-commons-io/commons-io-2.14.0-src.tar.gz.asc b/SPECS-EXTENDED/apache-commons-io/commons-io-2.14.0-src.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEELbTx7w+nYezE6pNchv3H4qESYssFAmURZkQACgkQhv3H4qES
+YssmAAf+Opr906UCvufO2/ncd3Q2RuJDC24WoUlK8t18yNLTXcG1ZhxtqHn0ms/l
+D59OwQQaerBr2f/Y4dB1WLTg/XIrgtbmjImKk0iOXwVirb5etdXdnLUXf3oRvJG+
+C98BB26kY4QPYmRzQMFdf6AVRMZvva51c+u7zrKDOC0/VlxYPY8UlYQfCJ6Uyxqu
+TMUwQ1/cfSr65DIQui/X/RM09tGcyItb2wScZlGSq7FqtYNUj6GYAEZqhPeG74pq
+5xC19viyCGnTLO8LRaqmzmqidMPcYc95GqO9BiQDcI393qZJsq9GSxMwvIPcVJNp
+l6oNdUcPRxIf0yFJm47dmFtEeM4KXg==
+=+Thz
+-----END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/apache-commons-io/commons-io-2.8.0-src.tar.gz.asc b/SPECS-EXTENDED/apache-commons-io/commons-io-2.8.0-src.tar.gz.asc
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -375,8 +375,8 @@
         "type": "other",
         "other": {
           "name": "apache-commons-io",
-          "version": "2.8.0",
-          "downloadUrl": "https://archive.apache.org/dist/commons/io/source/commons-io-2.8.0-src.tar.gz"
+          "version": "2.14.0",
+          "downloadUrl": "https://archive.apache.org/dist/commons/io/source/commons-io-2.14.0-src.tar.gz"
         }
       }
     },