Upgrade commons-fileupload to 1.3.2

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
    • Fix Version/s: 5.5.4, 6.4
    • Component/s: security

      Description

      We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092:

      "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."

      Source

      We should upgrade to 1.3.2.
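
One way to confirm the upgrade reached a deployed node, as an added example (not code from the Solr project or the attached patch): it walks an install directory and flags every commons-fileupload jar older than 1.3.2. Reading `Implementation-Version` from the jar manifest is an assumption about how the jar was packaged; the file name is the fallback.

```python
import re
import zipfile
from pathlib import Path

FIXED = (1, 3, 2)  # release named in the issue as fixing CVE-2016-3092
NAME_RE = re.compile(r"commons-fileupload-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '1.3.1' into (1, 3, 1); pad to three parts so '1.3' sorts below '1.3.2'."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    if not parts:
        return None  # e.g. an unexpanded build placeholder
    return tuple(parts + [0] * (3 - len(parts)))


def jar_version(jar):
    """Prefer the manifest's Implementation-Version, then the version in the file name."""
    try:
        with zipfile.ZipFile(jar) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
        version = parse_version(m.group(1)) if m else None
        if version:
            return version
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no manifest or unreadable archive: fall back to the name
    m = NAME_RE.search(jar.name)
    return parse_version(m.group(1)) if m else None


def audit(root):
    """Return sorted (relative path, version, status) for each commons-fileupload jar."""
    findings = []
    for jar in Path(root).rglob("commons-fileupload*.jar"):
        version = jar_version(jar)
        if version is None:
            status = "UNKNOWN"  # renamed and unreadable: inspect by hand
        else:
            status = "OK" if version >= FIXED else "VULNERABLE"
        findings.append((jar.relative_to(root).as_posix(), version, status))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, version, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {version} {path}")
```

Run it against the Solr install root; an `UNKNOWN` row means the jar carried no usable version in either place and needs a manual look.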

      1. SOLR-9819.patch
        1 kB
        Anshum Gupta

          Activity

          anshumg Anshum Gupta added a comment -

          The tests pass, so seems like we're good to go.

          jira-bot ASF subversion and git services added a comment -

          Commit c61268f7cd2c47884f98513febee6bb5f33ea6dc in lucene-solr's branch refs/heads/master from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=c61268f ]

          SOLR-9819: Upgrade Apache commons-fileupload to 1.3.2, fixing a security vulnerability

          jira-bot ASF subversion and git services added a comment -

          Commit 660f08a0b96887ad0ca4c147016179f041c522e8 in lucene-solr's branch refs/heads/branch_6x from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=660f08a ]

          SOLR-9819: Upgrade Apache commons-fileupload to 1.3.2, fixing a security vulnerability

          jira-bot ASF subversion and git services added a comment -

          Commit fc59525dfbedd72d411c52e92279d421d276eb63 in lucene-solr's branch refs/heads/branch_5x from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=fc59525 ]

          SOLR-9819: Upgrade Apache commons-fileupload to 1.3.2, fixing a security vulnerability

          jira-bot ASF subversion and git services added a comment -

          Commit 39c2f3d80fd585c7ae4a4a559d53a19a3f100061 in lucene-solr's branch refs/heads/master from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=39c2f3d ]

          SOLR-9819: Add new line to the end of SHA

          jira-bot ASF subversion and git services added a comment -

          Commit 3ce1ec3bff3b1ce294569ea3e48d3a2dc6aafb62 in lucene-solr's branch refs/heads/branch_6x from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=3ce1ec3 ]

          SOLR-9819: Add new line to the end of SHA

          jira-bot ASF subversion and git services added a comment -

          Commit 8a13448c084cef68e0c44e6997c7a71bd24db278 in lucene-solr's branch refs/heads/branch_5x from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=8a13448 ]

          SOLR-9819: Add new line to the end of SHA

          jira-bot ASF subversion and git services added a comment -

          Commit 39c2f3d80fd585c7ae4a4a559d53a19a3f100061 in lucene-solr's branch refs/heads/apiv2 from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=39c2f3d ]

          SOLR-9819: Add new line to the end of SHA

          jira-bot ASF subversion and git services added a comment -

          Commit 416f2b7920b498f7b3ed07840e180c0d726f853b in lucene-solr's branch refs/heads/branch_5_5 from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=416f2b7 ]

          SOLR-9819: Upgrade Apache commons-fileupload to 1.3.2, fixing a security vulnerability

          jira-bot ASF subversion and git services added a comment -

          Commit b32f6904b3ef212d5cfd6c654338dd2d6af94a03 in lucene-solr's branch refs/heads/branch_5_5 from Anshum Gupta
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=b32f690 ]

          SOLR-9819: Add new line to the end of SHA

          jira-bot ASF subversion and git services added a comment -

          Commit 5fb4be2aa3a36a8ebf15dc2a77c9d00b10104760 in lucene-solr's branch refs/heads/branch_5_5 from anshum
          [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=5fb4be2 ]

          SOLR-9819: Fix solr/CHANGES.txt for 5.5.4


            People

            • Assignee:
              anshumg Anshum Gupta
              Reporter:
              anshumg Anshum Gupta