[jira] [Commented] (FILEUPLOAD-357) Backport commons-io upgrade in 1.x for CVE-2024-47554

Yuanhua Han (Jira) Tue, 07 Jan 2025 04:10:04 -0800


    [ 
https://issues.apache.org/jira/browse/FILEUPLOAD-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910595#comment-17910595
 ]


Yuanhua Han commented on FILEUPLOAD-357:
----------------------------------------

Hello, Can I ask when will Apache Commons FileUpload 1.6.0 be released?

> Backport commons-io upgrade in 1.x for CVE-2024-47554
> -----------------------------------------------------
>
>                 Key: FILEUPLOAD-357
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-357
>             Project: Commons FileUpload
>          Issue Type: Bug
>    Affects Versions: 1.5
>            Reporter: Didier Loiseau
>            Priority: Major
>
> Would it be possible to release a new version of commons-fileupload 1.x that 
> depends on the fixed commons-io (2.14+) for 
> [CVE-2024-47554|https://nvd.nist.gov/vuln/detail/CVE-2024-47554]?
> Note that there does not seem to be a “patch” release of commons-io with the 
> fix, only minor releases. Maybe commons-io should publish a patch for release 
> 2.11, in order to publish a commons-fileupload 2.15.1 with the fix?
> p.s. it seems version 1.5 hasn’t been marked as released in Jira



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FILEUPLOAD-357) Backport commons-io upgrade in 1.x for CVE-2024-47554

Reply via email to