Solr / SOLR-14905

Update commons-io version to 2.8.0 due to security vulnerability

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 8.6.2
    • Fix Version/s: 8.7
    • Component/s: security
    • Labels:
      None

      Description

      The commons-io (version 2.6) package is vulnerable to Path Traversal. The getPrefixLength method in FilenameUtils.class improperly verifies the hostname value received from user input before processing client requests.

      The issue has been fixed in 2.7 onward:

      (https://issues.apache.org/jira/browse/IO-556, https://issues.apache.org/jira/browse/IO-559)

            People

            • Assignee:
              Unassigned
              Reporter:
              nazerke Nazerke Seidan
            • Votes:
              0
              Watchers:
              6

                Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 1h 50m