commons-dev mailing list archives

From Benedikt Ritter
Subject Re: [fileupload][daemon][beanutils] Missing Security Info in Website
Date Tue, 09 Sep 2014 19:24:08 GMT
Hello Stefan,

this is a good idea. I think you've searched hard enough and the said
components simply don't have such a page (yet).


2014-08-31 13:16 GMT+02:00 Stefan Bodewig:

> Hi all,
> I've put together a security page for Commons so people have a place to
> get information quickly, it is based on the recommendations by our
> security team[1] and the existing page of Compress[2].
> this one is still in staging so we can fiddle around with it and has not
> been linked from the main nav, yet.
> While looking for existing security information pages of components I
> searched the CVE database and found three issues related to FileUpload
> (CVE-2013-2186 / CVE-2013-0248 / CVE-2014-0050), one for Daemon
> (CVE-2011-2729) and one for BeanUtils (CVE-2011-2729).
> When searching through the site I don't find any hint on the CVEs on the
> Daemon or BeanUtils sites, maybe I've not been looking hard enough.
> FileUpload has two of the three CVEs in its changes report.
> I think the sites should be changed in order to provide information
> about the issues.
> Stefan

