  1. Solr
  2. SOLR-9819

Upgrade commons-fileupload to 1.3.2

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.6, 5.5, 6.0, 6.1, 6.2, 6.3
    • 5.5.4, 6.4
    • security

    Description

      We use Apache commons-fileupload 1.3.1. According to CVE-2016-3092:

      "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."

      Source

      We should upgrade to 1.3.2.

      Attachments

        1. SOLR-9819.patch
          1 kB
          Anshum Gupta

            People

              anshum Anshum Gupta
              anshum Anshum Gupta