You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by bt...@apache.org on 2018/08/21 02:44:52 UTC
[3/5] james-project git commit: JAMES-2426 Update commons-compress to
1.18
JAMES-2426 Update commons-compress to 1.18
This fixes CVE-2018-11771 which reported a denial of service.
>From CVE announcement:
When reading a specially crafted ZIP archive, the read method of
ZipArchiveInputStream can fail to return the correct EOF indication
after the end of the stream has been reached. When combined with a
java.io.InputStreamReader this can lead to an infinite stream, which
can be used to mount a denial of service attack against services that
use Compress' zip package.
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/82c630b5
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/82c630b5
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/82c630b5
Branch: refs/heads/master
Commit: 82c630b5ec633d5720861790b5616f77ba844b0e
Parents: bec7e45
Author: Benoit Tellier <bt...@linagora.com>
Authored: Fri Aug 17 10:54:06 2018 +0700
Committer: Benoit Tellier <bt...@linagora.com>
Committed: Tue Aug 21 09:42:39 2018 +0700
----------------------------------------------------------------------
mailbox/backup/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/james-project/blob/82c630b5/mailbox/backup/pom.xml
----------------------------------------------------------------------
diff --git a/mailbox/backup/pom.xml b/mailbox/backup/pom.xml
index 7118ae5..82cc587 100644
--- a/mailbox/backup/pom.xml
+++ b/mailbox/backup/pom.xml
@@ -63,7 +63,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
- <version>1.17</version>
+ <version>1.18</version>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org