Date: Sat, 3 Dec 2016 00:45:59 +0000 (UTC)
From: "ASF subversion and git services (JIRA)"
To: dev@lucene.apache.org
Subject: [jira] [Commented] (SOLR-9819) Upgrade commons-fileupload to 1.3.2

    [ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15717005#comment-15717005 ]

ASF subversion and git services commented on SOLR-9819:
-------------------------------------------------------

Commit 8a13448c084cef68e0c44e6997c7a71bd24db278 in lucene-solr's branch refs/heads/branch_5x from [~anshum]
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=8a13448 ]

SOLR-9819: Add new line to the end of SHA

> Upgrade commons-fileupload to 1.3.2
> -----------------------------------
>
>                 Key: SOLR-9819
>                 URL: https://issues.apache.org/jira/browse/SOLR-9819
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
>            Reporter: Anshum Gupta
>            Assignee: Anshum Gupta
>              Labels: commons-file-upload
>         Attachments: SOLR-9819.patch
>
>
> We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092 :
> "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
> [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]
> We should upgrade to 1.3.2.