You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Anshum Gupta (JIRA)" <ji...@apache.org> on 2016/12/02 20:03:58 UTC

[jira] [Updated] (SOLR-9819) Upgrade commons-fileupload to 1.3.2

     [ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anshum Gupta updated SOLR-9819:
-------------------------------
    Summary: Upgrade commons-fileupload to 1.3.2  (was: Upgrade fileupload-commons to 1.3.2)

> Upgrade commons-fileupload to 1.3.2
> -----------------------------------
>
>                 Key: SOLR-9819
>                 URL: https://issues.apache.org/jira/browse/SOLR-9819
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
>            Reporter: Anshum Gupta
>            Assignee: Anshum Gupta
>              Labels: commons-file-upload
>         Attachments: SOLR-9819.patch
>
>
> We use Apache fileupload-commons 1.3.1. According to CVE-2016-3092 :
> "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
> [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]
> We should upgrade to 1.3.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org