From 35c301bd555a0b790b2d6621ed2eff0f3bdbf400 Mon Sep 17 00:00:00 2001
From: Gerald Palfinger <gerald.palfinger@iaik.tugraz.at>
Date: Thu, 16 Dec 2021 16:25:40 +0100
Subject: Update commons-io

---
 pdf-as-lib/build.gradle      | 2 +-
 pdf-as-pdfbox-2/build.gradle | 2 +-
 pdf-as-web/build.gradle      | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/pdf-as-lib/build.gradle b/pdf-as-lib/build.gradle
index 6adbcc7e..cf15a9c8 100644
--- a/pdf-as-lib/build.gradle
+++ b/pdf-as-lib/build.gradle
@@ -70,7 +70,7 @@ dependencies {
 	api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
 	api group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
 	api group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6'
-	api group: 'commons-io', name: 'commons-io', version: '2.8'
+	api group: 'commons-io', name: 'commons-io', version: '2.8.0'
 	api group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '2.3.3'
 	api 'org.apache.commons:commons-collections4:4.4'
 	api group: 'ognl', name: 'ognl', version: '3.2.19'
diff --git a/pdf-as-pdfbox-2/build.gradle b/pdf-as-pdfbox-2/build.gradle
index cb5ff296..606ebc70 100644
--- a/pdf-as-pdfbox-2/build.gradle
+++ b/pdf-as-pdfbox-2/build.gradle
@@ -36,7 +36,7 @@ dependencies {
 	api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.24'
 	api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.24'
 	api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.24'
-	implementation group: 'commons-io', name: 'commons-io', version: '2.8'
+	implementation group: 'commons-io', name: 'commons-io', version: '2.8.0'
 	implementation group: 'ognl', name: 'ognl', version: '3.2.19'
 	testImplementation group: 'junit', name: 'junit', version: '4.+'
 	
diff --git a/pdf-as-web/build.gradle b/pdf-as-web/build.gradle
index 3d43861b..4752ed67 100644
--- a/pdf-as-web/build.gradle
+++ b/pdf-as-web/build.gradle
@@ -52,6 +52,8 @@ dependencies {
 	api project (':pdf-as-web-status')
 	api project (':pdf-as-web-statistic-api')
 	api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.4'
+	// Upgrade dependency of commons-fileupload from 2.2 to 2.8.0 to avoid CVE-2021-29425
+	api group: 'commons-io', name: 'commons-io', version: '2.8.0'
 	api group: 'opensymphony', name: 'sitemesh', version: '2.4.2'
 	api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
     api group: 'javax.xml.ws', name: 'jaxws-api', version: '2.3.1'
-- 
cgit v1.2.3