Brian Andle created WW-5616:
-------------------------------
Summary: JakartaStreamMultiPartRequest warns on file delete if the
file doesnt exist
Key: WW-5616
URL: https://issues.apache.org/jira/browse/WW-5616
Project: Struts 2
Issue Type: Bug
Affects Versions: 6.8.0
Reporter: Brian Andle
In the 6.x branch version of JakartaStreamMultiPartRequest.java we don't check
that the file exists on cleanup and so the warn log message could raise
unintentional concerns including potentially security concerts. The non stream
version does an exists check (although maybe should have a isFile check
instead).
The main/7.x does a isFile check first in the cleanup in the Abstract so it's
already addressed in 7.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
