[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-17 Thread Bernd Eckenfels (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16722825#comment-16722825 ] Bernd Eckenfels commented on FILEUPLOAD-279: Snapshots are not released and therefore

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-16 Thread Rasmita Mahapatra (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16722712#comment-16722712 ] Rasmita Mahapatra commented on FILEUPLOAD-279: -- Please confirm if this snapshot is safe

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Rasmita Mahapatra (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16712330#comment-16712330 ] Rasmita Mahapatra commented on FILEUPLOAD-279: -- Please confirm, which build I can use,

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711584#comment-16711584 ] Gary Gregory commented on FILEUPLOAD-279: - FWIW: I published a new {{1.4-SNAPSHOT}} to

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Jochen Wiedmann (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711520#comment-16711520 ] Jochen Wiedmann commented on FILEUPLOAD-279: Bernd,   indeed, the fix for master / 1.4

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Gilles (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711476#comment-16711476 ] Gilles commented on FILEUPLOAD-279: --- bq. ASF bylaws make it hard to offer snapshots ? Jenkins

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Bernd Eckenfels (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711420#comment-16711420 ] Bernd Eckenfels commented on FILEUPLOAD-279: ASF bylaws make it hard to offer snapshots

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Gilles (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711417#comment-16711417 ] Gilles commented on FILEUPLOAD-279: --- bq. AFAIK, we do not offer automated snapshot builds Some

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Jochen Wiedmann (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711398#comment-16711398 ] Jochen Wiedmann commented on FILEUPLOAD-279: Rasmita,   as I have no idea, who created

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Bernd Eckenfels (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711401#comment-16711401 ] Bernd Eckenfels commented on FILEUPLOAD-279: [~joc...@apache.org] I don't think that's

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-06 Thread Bernd Eckenfels (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16711376#comment-16711376 ] Bernd Eckenfels commented on FILEUPLOAD-279: [~rasmita] it looks like the fix is missing

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-05 Thread Rasmita Mahapatra (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16710987#comment-16710987 ] Rasmita Mahapatra commented on FILEUPLOAD-279: -- Is this bug fix ported to 1.4

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-02 Thread Jochen Wiedmann (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16706448#comment-16706448 ] Jochen Wiedmann commented on FILEUPLOAD-279: Adam,   I do not feel responsible for

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-02 Thread Adam Pikulik (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16706189#comment-16706189 ] Adam Pikulik commented on FILEUPLOAD-279: - Jochen, Thank you for replying so quickly. I am

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-02 Thread Jochen Wiedmann (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16706178#comment-16706178 ] Jochen Wiedmann commented on FILEUPLOAD-279: *Exactly,* as is written in your quote, and

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-12-02 Thread Adam Pikulik (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16706163#comment-16706163 ] Adam Pikulik commented on FILEUPLOAD-279: - Hello, There is "Affected versions: 1.3.2"

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-11-12 Thread Jochen Wiedmann (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16684763#comment-16684763 ] Jochen Wiedmann commented on FILEUPLOAD-279: It escapes me why there is a discussion

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-11-12 Thread Bernd Eckenfels (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16684646#comment-16684646 ] Bernd Eckenfels commented on FILEUPLOAD-279: This is not (directly) related to Struts.

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-11-12 Thread Cyrus (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16684615#comment-16684615 ] Cyrus commented on FILEUPLOAD-279: -- Do I need to upgrade my commons-fileupload-1.3.2.jar even if I'm

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-11-06 Thread jack (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16677464#comment-16677464 ] jack commented on FILEUPLOAD-279: - If you can't upgrade, what things should you monitor to reduce the

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-11-06 Thread Bernd Eckenfels (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16677377#comment-16677377 ] Bernd Eckenfels commented on FILEUPLOAD-279: The „safe“ thing to do is, if you are in

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2018-11-06 Thread Matt Kempers (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16677267#comment-16677267 ] Matt Kempers commented on FILEUPLOAD-279: - What is the best way to find this vulnerability

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-06-24 Thread Bruno P. Kinoshita (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16062216#comment-16062216 ] Bruno P. Kinoshita commented on FILEUPLOAD-279: --- Updated the version in JIRA, with

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-06-24 Thread Mark Symons (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16062007#comment-16062007 ] Mark Symons commented on FILEUPLOAD-279: Thanks very much for the release. 1.3.3 is

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-05-31 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16032000#comment-16032000 ] Gary Gregory commented on FILEUPLOAD-279: - I'll ping the ML... > CVE-2016-1000031 - Apache

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-05-31 Thread Achim H. (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16031153#comment-16031153 ] Achim H. commented on FILEUPLOAD-279: - Please release the fix. > CVE-2016-1000031 - Apache

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-04-27 Thread Pegasus (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15986143#comment-15986143 ] Pegasus commented on FILEUPLOAD-279: Is there any fix solution available? help ... >

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-04-11 Thread Mark Symons (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15964565#comment-15964565 ] Mark Symons commented on FILEUPLOAD-279: Is there any info on when a solution might be

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2017-01-09 Thread Rick Oosterholt (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15812015#comment-15812015 ] Rick Oosterholt commented on FILEUPLOAD-279: When searching for a fix for this bug, I've

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-29 Thread Naozumi Taromaru (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15707799#comment-15707799 ] Naozumi Taromaru commented on FILEUPLOAD-279: - > However, what do you tell someone in the

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-29 Thread Chris Seieroe (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15707286#comment-15707286 ] Chris Seieroe commented on FILEUPLOAD-279: -- I understand the larger problem, and that's

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-24 Thread Naozumi Taromaru (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15694839#comment-15694839 ] Naozumi Taromaru commented on FILEUPLOAD-279: - Chris, if an application deserializes data

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-23 Thread Henning Schmiedehausen (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15691568#comment-15691568 ] Henning Schmiedehausen commented on FILEUPLOAD-279: --- you should also remove the

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-15 Thread Jochen Wiedmann (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15667947#comment-15667947 ] Jochen Wiedmann commented on FILEUPLOAD-279: Chris, we are preparing an alternative

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-15 Thread Chris Seieroe (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15667888#comment-15667888 ] Chris Seieroe commented on FILEUPLOAD-279: -- Are you saying it breaks backwards compatibility

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-14 Thread Mark Thomas (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15666372#comment-15666372 ] Mark Thomas commented on FILEUPLOAD-279: -1 to back-porting since it breaks backwards

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-14 Thread Chris Seieroe (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15665795#comment-15665795 ] Chris Seieroe commented on FILEUPLOAD-279: -- Looking back at the patch, it's a lot larger than

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15665725#comment-15665725 ] Gary Gregory commented on FILEUPLOAD-279: - Patches welcome! > CVE-2016-1000031 - Apache

[jira] [Commented] (FILEUPLOAD-279) CVE-2016-1000031 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

2016-11-14 Thread Chris Seieroe (JIRA)
[ https://issues.apache.org/jira/browse/FILEUPLOAD-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15665692#comment-15665692 ] Chris Seieroe commented on FILEUPLOAD-279: -- I noticed that in the main branch, back in May,