Lift 2.5.4: Security Release
Shadowfiend released this 31 Jan 23:09
Lift 2.5 was found to be using an outdated version of Apache Commons
FileUpload, which had an unpatched DoS vulnerability.
Lift 2.5.4 bumps the dependency to the latest version, 1.3.1, which fixes
this vulnerability. Additionally, if you're using sbt, you can directly depend
on commons-fileupload 1.3.1 to evict the Lift dependency without upgrading
Lift. The versions are compatible with respect to Lift's usage.
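
For the sbt route described above, the following build.sbt fragment is an added example, not part of the Lift release or its build. It assumes sbt 0.13-style syntax, and the `checkFileUpload` task is a hypothetical helper that fails the build if a commons-fileupload older than 1.3.1 is still on the compile classpath.

```scala
// build.sbt fragment (added example; keep your existing Lift 2.5 dependency as it is)

// A direct dependency at 1.3.1: Ivy's default latest-revision conflict
// resolution then evicts the older commons-fileupload that Lift 2.5
// pulls in transitively.
libraryDependencies += "commons-fileupload" % "commons-fileupload" % "1.3.1"

// Hypothetical helper task (name chosen for this example).
val checkFileUpload = taskKey[Unit]("Fail if commons-fileupload resolved below 1.3.1")

checkFileUpload := {
  // Managed classpath entries carry the ModuleID they were resolved from.
  val resolved = (dependencyClasspath in Compile).value
    .flatMap(_.get(moduleID.key))
    .filter(m => m.organization == "commons-fileupload" && m.name == "commons-fileupload")
    .map(_.revision)

  // Keep only the leading numeric components: "1.3.1" -> Seq(1, 3, 1).
  def parts(v: String): Seq[Int] =
    v.split("[.-]").toSeq.takeWhile(p => p.nonEmpty && p.forall(_.isDigit)).map(_.toInt)

  val minimum = Seq(1, 3, 1)
  val tooOld  = resolved.filter(v => Ordering.Iterable[Int].lt(parts(v), minimum))

  if (resolved.isEmpty)
    sys.error("commons-fileupload is not on the compile classpath; nothing was checked")
  if (tooOld.nonEmpty)
    sys.error("commons-fileupload still resolves to: " + tooOld.mkString(", "))

  streams.value.log.info("commons-fileupload resolved to " + resolved.mkString(", "))
}
```

Running `sbt checkFileUpload` after adding the dependency confirms that the eviction took effect for the artifacts you actually ship.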