[ https://issues.apache.org/jira/browse/SOLR-9819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anshum Gupta updated SOLR-9819: ------------------------------- Reporter: Anshum Gupta (was: Jeff Field) > Upgrade fileupload-commons to 1.3.2 > ----------------------------------- > > Key: SOLR-9819 > URL: https://issues.apache.org/jira/browse/SOLR-9819 > Project: Solr > Issue Type: Improvement > Components: security > Affects Versions: 4.6, 5.5, 6.0 > Reporter: Anshum Gupta > Assignee: Anshum Gupta > Labels: commons-file-upload > > We use Apache fileupload-commons 1.3.1. According to CVE-2016-3092 : > "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used > in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, > and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause > a denial of service (CPU consumption) via a long boundary string." > [Source|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092] > We should upgrade to 1.3.2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org