[jira] [Created] (SOLR-14905) Update commons-io version to 2.8.0 due to security vulnerability

Nazerke Seidan (Jira) Wed, 30 Sep 2020 02:24:39 -0700

Nazerke Seidan created SOLR-14905:
-------------------------------------

             Summary: Update commons-io version to 2.8.0 due to security 
vulnerability
                 Key: SOLR-14905
                 URL: https://issues.apache.org/jira/browse/SOLR-14905
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
          Components: security
    Affects Versions: 8.6.2
            Reporter: Nazerke Seidan



The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The 
{{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the 
hostname value received from user input before processing client requests.

The issue has been fixed in 2.7 onward:

(https://issues.apache.org/jira/browse/IO-556, 
https://issues.apache.org/jira/browse/IO-559) 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

[jira] [Created] (SOLR-14905) Update commons-io version to 2.8.0 due to security vulnerability

Reply via email to