Solr / SOLR-9819

Upgrade commons-fileupload to 1.3.2

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
    • Fix Version/s: 5.5.4, 6.4
    • Component/s: security

      Description

      We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092:

      "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."

      Source

      We should upgrade to 1.3.2.

              People

              • Assignee:
                anshumg Anshum Gupta
                Reporter:
                anshumg Anshum Gupta