Skip to content
This repository has been archived by the owner on Jul 22, 2022. It is now read-only.

commons-fileupload 升级到 1.3.3 #71

Closed
venusdrogon opened this issue Jun 14, 2017 · 0 comments
Closed

commons-fileupload 升级到 1.3.3 #71

venusdrogon opened this issue Jun 14, 2017 · 0 comments
Assignees
@venusdrogon
Labels
⬆️
Milestone
1.10.4

Comments

@venusdrogon
Copy link
Owner

https://www.oschina.net/news/85823/apache-commons-fileupload-1-3-3

Apache Commons FileUpload 1.3.3 RELEASE NOTES

The Apache Commons FileUpload team is pleased to announce the release of Apache Commons FileUpload 1.3.3.

The Apache Commons FileUpload component provides a simple yet flexible means of
adding support for multipart file upload functionality to servlets and web
applications. Version 1.3 onwards requires Java 5 or later.

No client code changes are required to migrate from version 1.3.0, 1.3.1, or 1.3.2, to 1.3.3

Changes in version 1.3.3 include:

o FILEUPLOAD-279: DiskFileItem can no longer be deserialized, unless a particular system property is set.

For complete information on Apache Commons FileUpload, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Commons FileUpload website:

http://commons.apache.org/proper/commons-fileupload/

No client code changes are required to migrate from version 1.3.1 to 1.3.2.

Changes in version 1.3.2 include:

o FILEUPLOAD-272: Performance Improvement in MultipartStream. Prevents a DoS (CVE-2016-3092)

For complete information on Apache Commons FileUpload, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Commons FileUpload website:

http://commons.apache.org/proper/commons-fileupload/

          Apache Commons FileUpload 1.3.1 RELEASE NOTES

The Apache Commons FileUpload team is pleased to announce the release of Apache Commons FileUpload 1.3.1.

The Apache Commons FileUpload component provides a simple yet flexible means of
adding support for multipart file upload functionality to servlets and web
applications. Version 1.3 onwards requires Java 5 or later.

No client code changes are required to migrate from version 1.3.0 to 1.3.1.

This is a security and maintenance release that includes an important security
fix as well as a small number of bugfixes.

Changes in version 1.3.1 include:

Fixed Bugs:
o SECURITY - CVE-2014-0050. Specially crafted input can trigger a DoS if the
buffer used by the MultipartStream is not big enough. When constructing
MultipartStream enforce the requirements for buffer size by throwing an
IllegalArgumentException if the requested buffer size is too small. This
prevents the DoS.
o When deserializing DiskFileItems ensure that the repository location, if
any, is a valid one. Thanks to Arun Babu Neelicattu.
o Correct example in usage documentation so it compiles.

For complete information on Apache Commons FileUpload, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Commons FileUpload website:

http://commons.apache.org/proper/commons-fileupload/
@venusdrogon venusdrogon added this to the 1.10.4 milestone Jun 14, 2017
@venusdrogon venusdrogon self-assigned this Jun 14, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@venusdrogon venusdrogon

Labels
⬆️
Projects
None yet
Milestone
1.10.4
Development

No branches or pull requests
1 participant
@venusdrogon