Wicket has local copy of commons-fileupload files to avoid having dependency to third party libraries.
Recently a security vulnerability has been found in commons-fileupload that is fixed in 1.3.1.
Wicket copy should be patched as well.
- relates to
WICKET-5503 Remove local copies of Commons FileUpload files and use Maven dependency