lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-9819) Upgrade commons-fileupload to 1.3.2
Date Tue, 06 Dec 2016 23:13:58 GMT

    [ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15727035#comment-15727035
] 

ASF subversion and git services commented on SOLR-9819:
-------------------------------------------------------

Commit 39c2f3d80fd585c7ae4a4a559d53a19a3f100061 in lucene-solr's branch refs/heads/apiv2 from
[~anshum]
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=39c2f3d ]

SOLR-9819: Add new line to the end of SHA


> Upgrade commons-fileupload to 1.3.2
> -----------------------------------
>
>                 Key: SOLR-9819
>                 URL: https://issues.apache.org/jira/browse/SOLR-9819
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
>            Reporter: Anshum Gupta
>            Assignee: Anshum Gupta
>              Labels: commons-file-upload
>         Attachments: SOLR-9819.patch
>
>
> We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092 :
> "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache
Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and
other products, allows remote attackers to cause a denial of service (CPU consumption) via
a long boundary string."
> [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]
> We should upgrade to 1.3.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message