[jira] [Resolved] (KARAF-7737) Stepup to use latest commons-fileupload

Jira Sun, 27 Aug 2023 23:11:07 -0700


     [ 
https://issues.apache.org/jira/browse/KARAF-7737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved KARAF-7737.
-----------------------------------------
    Fix Version/s: 4.3.10
                   4.4.3
       Resolution: Fixed

It's already fixed (see commit b697689e0e9e608035e310a168af465bd67cb6e4). It 
will be include in next releases (currently in preparation).

> Stepup to use latest commons-fileupload
> ---------------------------------------
>
>                 Key: KARAF-7737
>                 URL: https://issues.apache.org/jira/browse/KARAF-7737
>             Project: Karaf
>          Issue Type: Task
>          Components: karaf
>    Affects Versions: 4.4.3
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Minor
>              Labels: security
>             Fix For: 4.3.10, 4.4.3
>
>
> We use latest Apache Karaf runtime 4.4.3. Our security scanners flag 
> CVE-2023-24988 on this because the karaf.webconsole 
> [https://mvnrepository.com/artifact/org.apache.karaf.webconsole/org.apache.karaf.webconsole.console/4.4.3]
>  uses vulnerable commons-fileupload 1.4
>  
> There is new version of this fileupload which is clear from the CVE. So 
> please stepup to the newer version in the upcoming Karaf release.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (KARAF-7737) Stepup to use latest commons-fileupload

Reply via email to