You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tapestry.apache.org by bo...@apache.org on 2014/03/03 17:06:22 UTC

[3/3] git commit: 5.3 branch: Fixed TAP5-2295 (denial of service vulnerability due to commons-file-upload) by upgrading commons-file-upload from 1.2.2 to 1.3.1, which also required upgrading commons-io from 2.0.1 to 2.2.

5.3 branch: Fixed TAP5-2295 (denial of service vulnerability due to
commons-file-upload) by upgrading commons-file-upload from 1.2.2 to
1.3.1, which also required upgrading commons-io from 2.0.1 to 2.2.

Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo
Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/8834c7db
Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/8834c7db
Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/8834c7db

Branch: refs/heads/5.3
Commit: 8834c7dbe170f141f042108a4f0b57fb0263beff
Parents: 826babf
Author: Bob Harner <bo...@apache.org>
Authored: Mon Mar 3 11:06:07 2014 -0500
Committer: Bob Harner <bo...@apache.org>
Committed: Mon Mar 3 11:06:07 2014 -0500

----------------------------------------------------------------------
 tapestry-upload/build.gradle                          |  4 ++--
 .../upload/internal/services/StubFileItem.java        | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/8834c7db/tapestry-upload/build.gradle
----------------------------------------------------------------------
diff --git a/tapestry-upload/build.gradle b/tapestry-upload/build.gradle
index d34da2f..283fd46 100644
--- a/tapestry-upload/build.gradle
+++ b/tapestry-upload/build.gradle
@@ -2,8 +2,8 @@ description = "File Upload component, with supporting services"
 
 dependencies {
   compile project(':tapestry-core')
-  compile "commons-fileupload:commons-fileupload:1.2.2"
-  compile "commons-io:commons-io:2.0.1"
+  compile "commons-fileupload:commons-fileupload:1.3.1"
+  compile "commons-io:commons-io:2.2"
   provided "javax.servlet:servlet-api:${versions.servletapi}"
 
   testCompile project(':tapestry-test')

http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/8834c7db/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
----------------------------------------------------------------------
diff --git a/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java b/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
index 6ad93a6..5fc1554 100755
--- a/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
+++ b/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
@@ -1,4 +1,4 @@
-// Copyright 2007, 2008 The Apache Software Foundation
+// Copyright 2007-2014 The Apache Software Foundation
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 package org.apache.tapestry5.upload.internal.services;
 
 import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemHeaders;
 
 import java.io.*;
 
@@ -131,4 +132,15 @@ public class StubFileItem implements FileItem
     {
         return isDeleted;
     }
+
+    /* unused method but required by FileItem interface */
+    public FileItemHeaders getHeaders()
+    {
+        return null;
+    }
+
+    /* unused method but required by FileItem interface */
+    public void setHeaders(FileItemHeaders headers)
+    {
+    }
 }