lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anshum Gupta (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SOLR-9819) Upgrade fileupload-commons to 1.3.2
Date Fri, 02 Dec 2016 17:16:58 GMT

     [ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Anshum Gupta updated SOLR-9819:
-------------------------------
    Reporter: Anshum Gupta  (was: Jeff Field)

> Upgrade fileupload-commons to 1.3.2
> -----------------------------------
>
>                 Key: SOLR-9819
>                 URL: https://issues.apache.org/jira/browse/SOLR-9819
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, 6.0
>            Reporter: Anshum Gupta
>            Assignee: Anshum Gupta
>              Labels: commons-file-upload
>
> We use Apache fileupload-commons 1.3.1. According to CVE-2016-3092 :
> "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache
Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and
other products, allows remote attackers to cause a denial of service (CPU consumption) via
a long boundary string."
> [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]
> We should upgrade to 1.3.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message