You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@commons.apache.org by Rob Tompkins <ch...@apache.org> on 2017/06/14 12:55:49 UTC

[ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

The Apache Commons Team is pleased to announce the release of Apache Commons
FileUpload 1.3.3.

The Apache Commons FileUpload library parses HTTP requests which conform to RFC
1867, "Form-based File Upload in HTML." That is, if an HTTP request is
submitted using the POST method, and with a content type of
"multipart/form-data," then FileUpload can parse that request, and make the
results available in a manner easily used by the caller.

The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can
no longer be deserialized, unless a particular system property is set," a fix
for the purposes of security.

Source and binary distributions are available for download from the Apache
Commons download site:
  http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi

When downloading, please verify signatures using the KEYS file available at the
above location when downloading the release.

Alternatively the release can be pulled via maven:
  <groupId>commons-fileupload</groupId>
  <artifactId>commons-fileupload</artifactId>
  <version>1.3.3</version>

The release notes can be reviewed at:
  http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt

For complete information on Commons FileUpload, including instructions on how 
to submit bug reports, patches, or suggestions for improvement, see the Apache
Commons FileUpload website:

http://commons.apache.org/proper/commons-fileupload/

Best regards,
Rob Tompkins
on behalf of the Apache Commons community
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by Dennis Kieselhorst <de...@apache.org>.

Hi,

can you trigger an update of the pattern on https://nvd.nist.gov/vuln/detail/CVE-2016-1000031 somehow? Currently OWASP dependency check still considers 1.3.3 as insecure.

Cheers
Dennis

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by "Bruno P. Kinoshita" <br...@yahoo.com.br.INVALID>.

Thanks Rob!

Bruno

________________________________
From: Rob Tompkins <ch...@gmail.com>
To: Commons Developers List <de...@commons.apache.org>; Bruno P. Kinoshita <br...@yahoo.com.br> 
Sent: Thursday, 15 June 2017 11:39 PM
Subject: Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.




> On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita <br...@yahoo.com.br.INVALID> wrote:
> 
> A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.
> 
> Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:
> 
> Cheers
> 
> Bruno
> 
> [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
> [2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java[3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232
> 
> 
> ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty

Fixed, and added site deployment from the build.

-Rob

> ________________________________
> From: Rob Tompkins <ch...@apache.org>
> To: announce@apache.org; Commons Developers List <de...@commons.apache.org>; Commons Users List <us...@commons.apache.org> 
> Sent: Thursday, 15 June 2017 12:56 AM
> Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
> 
> 
> 
> The Apache Commons Team is pleased to announce the release of Apache Commons
> 
> FileUpload 1.3.3.
> 
> 
> The Apache Commons FileUpload library parses HTTP requests which conform to RFC
> 
> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
> 
> submitted using the POST method, and with a content type of
> 
> "multipart/form-data," then FileUpload can parse that request, and make the
> 
> results available in a manner easily used by the caller.
> 
> 
> The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can
> 
> no longer be deserialized, unless a particular system property is set," a fix
> 
> for the purposes of security.
> 
> 
> Source and binary distributions are available for download from the Apache
> 
> Commons download site:
> 
>  http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi
> 
> 
> When downloading, please verify signatures using the KEYS file available at the
> 
> above location when downloading the release.
> 
> 
> Alternatively the release can be pulled via maven:
> 
>  <groupId>commons-fileupload</groupId>
> 
>  <artifactId>commons-fileupload</artifactId>
> 
>  <version>1.3.3</version>
> 
> 
> The release notes can be reviewed at:
> 
>  http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt
> 
> 
> For complete information on Commons FileUpload, including instructions on how 
> 
> to submit bug reports, patches, or suggestions for improvement, see the Apache
> 
> Commons FileUpload website:
> 
> 
> http://commons.apache.org/proper/commons-fileupload/
> 
> 
> Best regards,
> 
> Rob Tompkins
> 
> on behalf of the Apache Commons community
> 
> ---------------------------------------------------------------------
> 
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> 
> For additional commands, e-mail: dev-help@commons.apache.org

> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by Rob Tompkins <ch...@gmail.com>.

> On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita <br...@yahoo.com.br.INVALID> wrote:
> 
> A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.
> 
> Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:
> 
> Cheers
> 
> Bruno
> 
> [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
> [2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java[3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232
> 
> 
> ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty

Fixed, and added site deployment from the build.

-Rob

> ________________________________
> From: Rob Tompkins <ch...@apache.org>
> To: announce@apache.org; Commons Developers List <de...@commons.apache.org>; Commons Users List <us...@commons.apache.org> 
> Sent: Thursday, 15 June 2017 12:56 AM
> Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
> 
> 
> 
> The Apache Commons Team is pleased to announce the release of Apache Commons
> 
> FileUpload 1.3.3.
> 
> 
> The Apache Commons FileUpload library parses HTTP requests which conform to RFC
> 
> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
> 
> submitted using the POST method, and with a content type of
> 
> "multipart/form-data," then FileUpload can parse that request, and make the
> 
> results available in a manner easily used by the caller.
> 
> 
> The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can
> 
> no longer be deserialized, unless a particular system property is set," a fix
> 
> for the purposes of security.
> 
> 
> Source and binary distributions are available for download from the Apache
> 
> Commons download site:
> 
>  http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi
> 
> 
> When downloading, please verify signatures using the KEYS file available at the
> 
> above location when downloading the release.
> 
> 
> Alternatively the release can be pulled via maven:
> 
>  <groupId>commons-fileupload</groupId>
> 
>  <artifactId>commons-fileupload</artifactId>
> 
>  <version>1.3.3</version>
> 
> 
> The release notes can be reviewed at:
> 
>  http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt
> 
> 
> For complete information on Commons FileUpload, including instructions on how 
> 
> to submit bug reports, patches, or suggestions for improvement, see the Apache
> 
> Commons FileUpload website:
> 
> 
> http://commons.apache.org/proper/commons-fileupload/
> 
> 
> Best regards,
> 
> Rob Tompkins
> 
> on behalf of the Apache Commons community
> 
> ---------------------------------------------------------------------
> 
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> 
> For additional commands, e-mail: dev-help@commons.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by "Bruno P. Kinoshita" <br...@yahoo.com.br.INVALID>.

A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.

Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:

Cheers

Bruno

[1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
[2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java[3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232


ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty
________________________________
From: Rob Tompkins <ch...@apache.org>
To: announce@apache.org; Commons Developers List <de...@commons.apache.org>; Commons Users List <us...@commons.apache.org> 
Sent: Thursday, 15 June 2017 12:56 AM
Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.



The Apache Commons Team is pleased to announce the release of Apache Commons

FileUpload 1.3.3.


The Apache Commons FileUpload library parses HTTP requests which conform to RFC

1867, "Form-based File Upload in HTML." That is, if an HTTP request is

submitted using the POST method, and with a content type of

"multipart/form-data," then FileUpload can parse that request, and make the

results available in a manner easily used by the caller.


The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can

no longer be deserialized, unless a particular system property is set," a fix

for the purposes of security.


Source and binary distributions are available for download from the Apache

Commons download site:

  http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi


When downloading, please verify signatures using the KEYS file available at the

above location when downloading the release.


Alternatively the release can be pulled via maven:

  <groupId>commons-fileupload</groupId>

  <artifactId>commons-fileupload</artifactId>

  <version>1.3.3</version>


The release notes can be reviewed at:

  http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt


For complete information on Commons FileUpload, including instructions on how 

to submit bug reports, patches, or suggestions for improvement, see the Apache

Commons FileUpload website:


http://commons.apache.org/proper/commons-fileupload/


Best regards,

Rob Tompkins

on behalf of the Apache Commons community

---------------------------------------------------------------------

To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org

For additional commands, e-mail: dev-help@commons.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by Gary Gregory <ga...@gmail.com>.

Then maybe we need to document the fact that our code is still based on the
old RFC (is it?) and that we welcome contributions to modernize to the new
RFC...

On Jun 14, 2017 7:07 AM, "Julian Reschke" <ju...@gmx.de> wrote:

> ...
>
>> The Apache Commons FileUpload library parses HTTP requests which conform
>> to RFC
>> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
>> submitted using the POST method, and with a content type of
>> "multipart/form-data," then FileUpload can parse that request, and make
>> the
>> results available in a manner easily used by the caller.
>>
> ...
>
> FWIW, the definition has been update (at least) twice since. The current
> specification is https://tools.ietf.org/html/rfc7578.
>
> Best regards, Julian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by Gary Gregory <ga...@gmail.com>.

Then maybe we need to document the fact that our code is still based on the
old RFC (is it?) and that we welcome contributions to modernize to the new
RFC...

On Jun 14, 2017 7:07 AM, "Julian Reschke" <ju...@gmx.de> wrote:

> ...
>
>> The Apache Commons FileUpload library parses HTTP requests which conform
>> to RFC
>> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
>> submitted using the POST method, and with a content type of
>> "multipart/form-data," then FileUpload can parse that request, and make
>> the
>> results available in a manner easily used by the caller.
>>
> ...
>
> FWIW, the definition has been update (at least) twice since. The current
> specification is https://tools.ietf.org/html/rfc7578.
>
> Best regards, Julian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by Julian Reschke <ju...@gmx.de>.

...
> The Apache Commons FileUpload library parses HTTP requests which conform to RFC
> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
> submitted using the POST method, and with a content type of
> "multipart/form-data," then FileUpload can parse that request, and make the
> results available in a manner easily used by the caller.
...

FWIW, the definition has been update (at least) twice since. The current 
specification is https://tools.ietf.org/html/rfc7578.

Best regards, Julian

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org

Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Posted by Julian Reschke <ju...@gmx.de>.

...
> The Apache Commons FileUpload library parses HTTP requests which conform to RFC
> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
> submitted using the POST method, and with a content type of
> "multipart/form-data," then FileUpload can parse that request, and make the
> results available in a manner easily used by the caller.
...

FWIW, the definition has been update (at least) twice since. The current 
specification is https://tools.ietf.org/html/rfc7578.

Best regards, Julian

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org