[ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716567#comment-15716567 ]
ASF subversion and git services commented on SOLR-9819:
-------------------------------------------------------

Commit 660f08a0b96887ad0ca4c147016179f041c522e8 in lucene-solr's branch refs/heads/branch_6x from [~anshum]
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=660f08a ]

SOLR-9819: Upgrade Apache commons-fileupload to 1.3.2, fixing a security vulnerability

> Upgrade commons-fileupload to 1.3.2
> -----------------------------------
>
>                 Key: SOLR-9819
>                 URL: https://issues.apache.org/jira/browse/SOLR-9819
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
>            Reporter: Anshum Gupta
>            Assignee: Anshum Gupta
>              Labels: commons-file-upload
>         Attachments: SOLR-9819.patch
>
>
> We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092:
> "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used
> in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3,
> and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause
> a denial of service (CPU consumption) via a long boundary string."
> [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]
> We should upgrade to 1.3.2.