[
https://issues.apache.org/jira/browse/FILEUPLOAD-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17887997#comment-17887997
]
Gary D. Gregory edited comment on FILEUPLOAD-357 at 10/9/24 4:15 PM:
---------------------------------------------------------------------
Well, you can expect a 1.6.0 release soon ;-)
was (Author: garydgregory):
Well, you can expect a release soon ;-)
> Backport commons-io upgrade in 1.x for CVE-2024-47554
> -----------------------------------------------------
>
> Key: FILEUPLOAD-357
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-357
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.5
> Reporter: Didier Loiseau
> Priority: Major
>
> Would it be possible to release a new version of commons-fileupload 1.x that
> depends on the fixed commons-io (2.14+) for
> [CVE-2024-47554|https://nvd.nist.gov/vuln/detail/CVE-2024-47554]?
> Note that there does not seem to be a “patch” release of commons-io with the
> fix, only minor releases. Maybe commons-io should publish a patch for release
> 2.11, in order to publish a commons-fileupload 2.15.1 with the fix?
> p.s. it seems version 1.5 hasn’t been marked as released in Jira
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
