commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r4318 - /dev/commons/fileupload/RELEASE-NOTES.txt
Date Thu, 06 Feb 2014 18:03:44 GMT
Author: markt
Date: Thu Feb  6 18:03:44 2014
New Revision: 4318

Add the RC1 release notes

    dev/commons/fileupload/RELEASE-NOTES.txt   (with props)

Added: dev/commons/fileupload/RELEASE-NOTES.txt
--- dev/commons/fileupload/RELEASE-NOTES.txt (added)
+++ dev/commons/fileupload/RELEASE-NOTES.txt Thu Feb  6 18:03:44 2014
@@ -0,0 +1,33 @@
+              Apache Commons FileUpload 1.3.1 RELEASE NOTES
+The Apache Commons FileUpload team is pleased to announce the release of Apache Commons FileUpload
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to servlets and web
+applications. Version 1.3 onwards requires Java 5 or later.
+No client code changes are required to migrate from version 1.3.0 to 1.3.1.
+This is a security and maintenance release that includes an important security
+fix as well as a small number of bugfixes.
+Changes in version 1.3.1 include:
+Fixed Bugs:
+o                  SECURITY - CVE-2014-0050. Specially crafted input can trigger a DoS if
+                   buffer used by the MultipartStream is not big enough. When constructing
+                   MultipartStream enforce the requirements for buffer size by throwing an
+                   IllegalArgumentException if the requested buffer size is too small. This
+                   prevents the DoS.
+o                  When deserializing DiskFileItems ensure that the repository location,
+                   any, is a valid one. Thanks to Arun Babu Neelicattu.
+o                  Correct example in usage documentation so it compiles.
+For complete information on Apache Commons FileUpload, including instructions on how to submit
bug reports,
+patches, or suggestions for improvement, see the Apache Apache Commons FileUpload website:

Propchange: dev/commons/fileupload/RELEASE-NOTES.txt
    svn:eol-style = native

View raw message