[ https://issues.apache.org/jira/browse/MYFACES-4677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871761#comment-17871761 ]

Melloware commented on MYFACES-4677:
------------------------------------

[~himanshugupta] Wrong project, you want Tomahawk:
https://issues.apache.org/jira/projects/TOMAHAWK/issues/TOMAHAWK-1684?filter=allopenissues

> Security Vulnerability Apache commons-fileupload 
> -------------------------------------------------
>
>                 Key: MYFACES-4677
>                 URL: https://issues.apache.org/jira/browse/MYFACES-4677
>             Project: MyFaces Core
>          Issue Type: Improvement
>          Components: build process
>            Reporter: Himanshu Gupta
>            Priority: Critical
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> Apache Commons FileUpload before 1.5 does not limit the number of request 
> parts to be processed resulting in the possibility of an attacker triggering 
> a DoS with a malicious upload or series of uploads. Note that, like all of 
> the file upload limits, the new configuration option 
> (FileUploadBase#setFileCountMax) is not enabled by default and must be 
> explicitly configured. : [https://nvd.nist.gov/vuln/detail/CVE-2023-24998]
> Upgrade to FileUpload 1.5 and provide a way to set 
> FileUploadBase#setFileCountMax to a value. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)