You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Anshum Gupta (JIRA)" <ji...@apache.org> on 2016/12/23 00:27:58 UTC

[jira] [Resolved] (SOLR-9819) Upgrade commons-fileupload to 1.3.2

     [ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anshum Gupta resolved SOLR-9819.
--------------------------------
    Resolution: Fixed

> Upgrade commons-fileupload to 1.3.2
> -----------------------------------
>
>                 Key: SOLR-9819
>                 URL: https://issues.apache.org/jira/browse/SOLR-9819
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
>            Reporter: Anshum Gupta
>            Assignee: Anshum Gupta
>              Labels: commons-file-upload
>             Fix For: 5.5.4, 6.4
>
>         Attachments: SOLR-9819.patch
>
>
> We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092 :
> "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
> [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]
> We should upgrade to 1.3.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org