Posted to user@commons.apache.org by Rob Tompkins <ch...@apache.org> on 2017/06/14 12:55:49 UTC
[ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
The Apache Commons Team is pleased to announce the release of Apache Commons
FileUpload 1.3.3.
The Apache Commons FileUpload library parses HTTP requests which conform to RFC
1867, "Form-based File Upload in HTML." That is, if an HTTP request is
submitted using the POST method, and with a content type of
"multipart/form-data," then FileUpload can parse that request, and make the
results available in a manner easily used by the caller.
The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can
no longer be deserialized, unless a particular system property is set," a fix
for the purposes of security.
Source and binary distributions are available for download from the Apache
Commons download site:
http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi
When downloading, please verify signatures using the KEYS file available at the
above location when downloading the release.
Alternatively the release can be pulled via Maven:
<dependency>
  <groupId>commons-fileupload</groupId>
  <artifactId>commons-fileupload</artifactId>
  <version>1.3.3</version>
</dependency>
The release notes can be reviewed at:
http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt
For complete information on Commons FileUpload, including instructions on how
to submit bug reports, patches, or suggestions for improvement, see the Apache
Commons FileUpload website:
http://commons.apache.org/proper/commons-fileupload/
Best regards,
Rob Tompkins
on behalf of the Apache Commons community
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org
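The hardening pattern that FILEUPLOAD-279 describes, as an added example (not part of the original announcement and not FileUpload's own code): a class that refuses deserialization unless a system property opts in. GuardedItem and the property name example.GuardedItem.serializable are hypothetical; the announcement does not name the real property.

```java
import java.io.*;

public class GuardedItemDemo {
    // Hypothetical property name; the announcement does not name the real one.
    static final String PROP = "example.GuardedItem.serializable";

    /** Hypothetical stand-in for an upload item that records a temp directory. */
    static class GuardedItem implements Serializable {
        private static final long serialVersionUID = 1L;
        final String fieldName;
        final File repository;

        GuardedItem(String fieldName, File repository) {
            this.fieldName = fieldName;
            this.repository = repository;
        }

        // ObjectInputStream invokes this hook for every instance it rebuilds,
        // so rejecting here blocks the class from any untrusted byte stream.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            if (!Boolean.getBoolean(PROP)) {
                throw new InvalidObjectException(
                    "deserialization disabled; start the JVM with -D" + PROP + "=true");
            }
            in.defaultReadObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Returns false when the stream is rejected by the readObject guard.
    static boolean canDeserialize(byte[] bytes) throws ClassNotFoundException {
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.readObject();
            return true;
        } catch (IOException rejected) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample object; the path is a placeholder.
        byte[] bytes = serialize(new GuardedItem("upload", new File("/tmp/uploads")));
        System.out.println("default:  " + canDeserialize(bytes));
        System.setProperty(PROP, "true"); // explicit opt-in by the operator
        System.out.println("opted in: " + canDeserialize(bytes));
    }
}
```

Serialization still works in both cases; only reading the object back is gated, which is why the default is safe for applications that never deserialize upload items.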
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Posted by Dennis Kieselhorst <de...@apache.org>.
Hi,
can you trigger an update of the pattern on https://nvd.nist.gov/vuln/detail/CVE-2016-1000031 somehow? Currently OWASP dependency check still considers 1.3.3 as insecure.
Cheers
Dennis
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Posted by "Bruno P. Kinoshita" <br...@yahoo.com.br.INVALID>.
Thanks Rob!
Bruno
________________________________
From: Rob Tompkins <ch...@gmail.com>
To: Commons Developers List <de...@commons.apache.org>; Bruno P. Kinoshita <br...@yahoo.com.br>
Sent: Thursday, 15 June 2017 11:39 PM
Subject: Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
> On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita <br...@yahoo.com.br.INVALID> wrote:
>
> A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.
>
> Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:
>
> Cheers
>
> Bruno
>
> [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
> [2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java
> [3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232
>
>
> ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty
Fixed, and added site deployment from the build.
-Rob
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Posted by Rob Tompkins <ch...@gmail.com>.
> On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita <br...@yahoo.com.br.INVALID> wrote:
>
> A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.
>
> Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:
>
> Cheers
>
> Bruno
>
> [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
> [2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java
> [3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232
>
>
> ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty
Fixed, and added site deployment from the build.
-Rob
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Posted by "Bruno P. Kinoshita" <br...@yahoo.com.br.INVALID>.
A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.
Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:
Cheers
Bruno
[1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
[2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java
[3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232
ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Posted by Gary Gregory <ga...@gmail.com>.
Then maybe we need to document the fact that our code is still based on the
old RFC (is it?) and that we welcome contributions to modernize to the new
RFC...
On Jun 14, 2017 7:07 AM, "Julian Reschke" <ju...@gmx.de> wrote:
> ...
>
>> The Apache Commons FileUpload library parses HTTP requests which conform
>> to RFC
>> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
>> submitted using the POST method, and with a content type of
>> "multipart/form-data," then FileUpload can parse that request, and make
>> the
>> results available in a manner easily used by the caller.
>>
> ...
>
> FWIW, the definition has been updated (at least) twice since. The current
> specification is https://tools.ietf.org/html/rfc7578.
>
> Best regards, Julian
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Posted by Julian Reschke <ju...@gmx.de>.
...
> The Apache Commons FileUpload library parses HTTP requests which conform to RFC
> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
> submitted using the POST method, and with a content type of
> "multipart/form-data," then FileUpload can parse that request, and make the
> results available in a manner easily used by the caller.
...
FWIW, the definition has been updated (at least) twice since. The current
specification is https://tools.ietf.org/html/rfc7578.
Best regards, Julian