[MNG-7513] Address commons-io_commons-io vulnerability found in maven…

… latest version We can safely remove Commons IO altogether because it is not used in any direct or transitive usecase at compile time or runtime. This closes #771
apache · Dec 20, 2022 · ba058ee · ba058ee
1 parent 7db942b
commit ba058ee
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -295,6 +295,13 @@ under the License.
         <groupId>org.apache.maven.shared</groupId>
         <artifactId>maven-shared-utils</artifactId>
         <version>3.3.4</version>
+        <exclusions>
+          <!-- We use org.apache.maven.shared.utils.logging only in Maven Core -->
+          <exclusion>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>org.fusesource.jansi</groupId>