[jira] [Commented] (KARAF-7737) Stepup to use latest commons-fileupload

Karthick (Jira) Mon, 28 Aug 2023 04:40:06 -0700


    [ 
https://issues.apache.org/jira/browse/KARAF-7737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17759552#comment-17759552
 ]


Karthick commented on KARAF-7737:
---------------------------------

Thanks.  Hope you intended to say fixed version as 4.3.10 and 4.4.4 instead of 
4.4.3.

> Stepup to use latest commons-fileupload
> ---------------------------------------
>
>                 Key: KARAF-7737
>                 URL: https://issues.apache.org/jira/browse/KARAF-7737
>             Project: Karaf
>          Issue Type: Task
>          Components: karaf
>    Affects Versions: 4.4.3
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Minor
>              Labels: security
>             Fix For: 4.4.3, 4.3.10
>
>
> We use latest Apache Karaf runtime 4.4.3. Our security scanners flag 
> CVE-2023-24988 on this because the karaf.webconsole 
> [https://mvnrepository.com/artifact/org.apache.karaf.webconsole/org.apache.karaf.webconsole.console/4.4.3]
>  uses vulnerable commons-fileupload 1.4
>  
> There is new version of this fileupload which is clear from the CVE. So 
> please stepup to the newer version in the upcoming Karaf release.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KARAF-7737) Stepup to use latest commons-fileupload

Reply via email to