Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14905

Update commons-io version to 2.8.0 due to security vulnerability

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 8.6.2
    • 8.7
    • security
    • None

    Description

      The commons-io (version 2.6) package is vulnerable to Path Traversal. The getPrefixLength method in FilenameUtils.class improperly verifies the hostname value received from user input before processing client requests.

      The issue has been fixed in 2.7 onward:

      (https://issues.apache.org/jira/browse/IO-556, https://issues.apache.org/jira/browse/IO-559

      Attachments

        Activity

          People

            Unassigned Unassigned
            nazerke Nazerke Seidan
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h 50m
                1h 50m