Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.3.15.3, 2.3.16
    • Fix Version/s: 2.3.20
    • Component/s: Core Actions
    • Labels:
      None

      Description

      You might already be aware of this but I did not find any issue yet. A security problem has been found in commons-fileupolad:

      http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E

      I know I can fix this easily in my pom.xml file but I think it is better that struts2 updates its dependency as well.

        Activity

        Hide
        lukaszlenart Lukasz Lenart added a comment -

        Yes, we were informed already and we're going to prepare an announcment

        Show
        lukaszlenart Lukasz Lenart added a comment - Yes, we were informed already and we're going to prepare an announcment
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 7d383d6d395cae318b505065df7dab9ce8c13fae in struts's branch refs/heads/develop from Lukasz Lenart
        [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=7d383d6 ]

        WW-4286 Upgrades commons-fileupload to version 1.3.1

        Show
        jira-bot ASF subversion and git services added a comment - Commit 7d383d6d395cae318b505065df7dab9ce8c13fae in struts's branch refs/heads/develop from Lukasz Lenart [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=7d383d6 ] WW-4286 Upgrades commons-fileupload to version 1.3.1
        Hide
        lukaszlenart Lukasz Lenart added a comment -

        Done

        Show
        lukaszlenart Lukasz Lenart added a comment - Done
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Struts-JDK6-develop #5 (See https://builds.apache.org/job/Struts-JDK6-develop/5/)
        WW-4286 Upgrades commons-fileupload to version 1.3.1 (lukaszlenart: rev 7d383d6d395cae318b505065df7dab9ce8c13fae)

        • pom.xml
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Struts-JDK6-develop #5 (See https://builds.apache.org/job/Struts-JDK6-develop/5/ ) WW-4286 Upgrades commons-fileupload to version 1.3.1 (lukaszlenart: rev 7d383d6d395cae318b505065df7dab9ce8c13fae) pom.xml
        Hide
        hudson Hudson added a comment -

        ABORTED: Integrated in Struts-JDK6-master #893 (See https://builds.apache.org/job/Struts-JDK6-master/893/)
        WW-4286 Upgrades commons-fileupload to version 1.3.1 (lukaszlenart: rev 7d383d6d395cae318b505065df7dab9ce8c13fae)

        • pom.xml
        Show
        hudson Hudson added a comment - ABORTED: Integrated in Struts-JDK6-master #893 (See https://builds.apache.org/job/Struts-JDK6-master/893/ ) WW-4286 Upgrades commons-fileupload to version 1.3.1 (lukaszlenart: rev 7d383d6d395cae318b505065df7dab9ce8c13fae) pom.xml

          People

          • Assignee:
            lukaszlenart Lukasz Lenart
            Reporter:
            tbriers Tom Briers
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development