Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9819

Upgrade commons-fileupload to 1.3.2

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
    • 5.5.4, 6.4
    • security

    Description

      We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092 :

      "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."

      Source

      We should upgrade to 1.3.2.

      Attachments

        Issue Links

        is a clone of

        Improvement - An improvement or enhancement to an existing feature or task. SOLR-9053 Upgrade fileupload-commons to 1.3.1

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            anshum Anshum Gupta
            anshum Anshum Gupta
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment