Author: jochen Date: Wed Jul 14 20:02:16 2010 New Revision: 964159 URL: http://svn.apache.org/viewvc?rev=964159&view=rev Log: Upgrade to latest parent POM, preparing 1.2.2.
Modified: commons/proper/fileupload/trunk/ (props changed) commons/proper/fileupload/trunk/src/changes/changes.xml Propchange: commons/proper/fileupload/trunk/ ------------------------------------------------------------------------------ --- svn:ignore (original) +++ svn:ignore Wed Jul 14 20:02:16 2010 @@ -1,3 +1,5 @@ target maven.log velocity.log + +release.properties Modified: commons/proper/fileupload/trunk/src/changes/changes.xml URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/changes/changes.xml?rev=964159&r1=964158&r2=964159&view=diff ============================================================================== --- commons/proper/fileupload/trunk/src/changes/changes.xml (original) +++ commons/proper/fileupload/trunk/src/changes/changes.xml Wed Jul 14 20:02:16 2010 @@ -44,10 +44,11 @@ The <action> type attribute can be add,u <release version="1.2.2" date="Not yet released"> <action dev="jochen" type="fix" due-to="Daniel Fabian" due-to-email="dfab...@google.com"> - Added a check for file names containing a NUL characters. - Such file names are now triggering an InvalidFileNameException, - due to a security problem. (A file name like "foo.exe\0.png" - might lead to the unintended creation of "foo.exe".) + Added a check for file names containing a NULL characters. Such file + names are now triggering an InvalidFileNameException since the file name + cannot be used as provided to create the file since it will be truncated + at the NUL character on most (all?) operating systems. E.g. a file name + like "test.foo0.bar" would result in "test.foo" being created. </action> <action dev="jochen" type="fix" issue="FILEUPLOAD-160" due-to="Stepan Koltsov" due-to-email="y...@mx1.ru">