RE: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability

2016-06-22 Thread Chinoy Gupta
Thanks for the info Mark. Regards, Chinoy -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, June 22, 2016 11:43 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnera

Re: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability

2016-06-22 Thread Mark Thomas
On 22/06/2016 05:51, Chinoy Gupta wrote: > What about 8.5.x branch? Is that also affected. Yes. 8.5.0 to 8.5.2 are affected. > And I am not able to see this update on Tomcat security page. Any reasons for > that? Oversight. I'll get it added later today unless someone beats me to it. I'll also

RE: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability

2016-06-21 Thread Chinoy Gupta
What about 8.5.x branch? Is that also affected. And I am not able to see this update on Tomcat security page. Any reasons for that? Regards, Chinoy -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, June 21, 2016 3:23 PM To: users@tomcat.apache.org;

Re: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability

2016-06-21 Thread Jochen Wiedmann
Thanks for forwarding. I hope, that everything is alright with the announcement? On Tue, Jun 21, 2016 at 11:53 AM, Mark Thomas wrote: > > Original Message > From: Jochen Wiedmann > Sent: 21 June 2016 10:18:15 BST > To: