Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Hi, can you trigger an update of the pattern on https://nvd.nist.gov/vuln/detail/CVE-2016-131 somehow? Currently OWASP dependency check still considers 1.3.3 as insecure. Cheers Dennis - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Thanks Rob! Bruno From: Rob Tompkins <chtom...@gmail.com> To: Commons Developers List <dev@commons.apache.org>; Bruno P. Kinoshita <brunodepau...@yahoo.com.br> Sent: Thursday, 15 June 2017 11:39 PM Subject: Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released. > On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita > <brunodepau...@yahoo.com.br.INVALID> wrote: > > A trivial issue, but I found that going to the Xref report link it works fine > [1]. However, if you go to the Checkstyle report [2], and then click on any > of the links to line numbers (e.g. [3]) you get a 404. > > Had a quick look if there was some configuration in the maven plug-in that > could help (with the help of Eclipse auto complete), or if I could find > someone with similar issue (mainly google + stack overflow), but no obvious > solution. Commons Cli was released recently too, and the xref links in > Checkstyle are working fine. Will try to compare the configurations tomorrow, > but happy if anyone beats me to it (-: > > Cheers > > Bruno > > [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html > [2] > https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java[3] > > https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232 > > > ps: if someone recreates the site from master branch, I fixed the issues, so > the report will be - hopefully - empty Fixed, and added site deployment from the build. -Rob > > From: Rob Tompkins <chtom...@apache.org> > To: annou...@apache.org; Commons Developers List <dev@commons.apache.org>; > Commons Users List <u...@commons.apache.org> > Sent: Thursday, 15 June 2017 12:56 AM > Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released. > > > > The Apache Commons Team is pleased to announce the release of Apache Commons > > FileUpload 1.3.3. > > > The Apache Commons FileUpload library parses HTTP requests which conform to > RFC > > 1867, "Form-based File Upload in HTML." That is, if an HTTP request is > > submitted using the POST method, and with a content type of > > "multipart/form-data," then FileUpload can parse that request, and make the > > results available in a manner easily used by the caller. > > > The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem > can > > no longer be deserialized, unless a particular system property is set," a fix > > for the purposes of security. > > > Source and binary distributions are available for download from the Apache > > Commons download site: > > http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi > > > When downloading, please verify signatures using the KEYS file available at > the > > above location when downloading the release. > > > Alternatively the release can be pulled via maven: > > commons-fileupload > > commons-fileupload > > 1.3.3 > > > The release notes can be reviewed at: > > http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt > > > For complete information on Commons FileUpload, including instructions on how > > to submit bug reports, patches, or suggestions for improvement, see the Apache > > Commons FileUpload website: > > > http://commons.apache.org/proper/commons-fileupload/ > > > Best regards, > > Rob Tompkins > > on behalf of the Apache Commons community > > - > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
> On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita > <brunodepau...@yahoo.com.br.INVALID> wrote: > > A trivial issue, but I found that going to the Xref report link it works fine > [1]. However, if you go to the Checkstyle report [2], and then click on any > of the links to line numbers (e.g. [3]) you get a 404. > > Had a quick look if there was some configuration in the maven plug-in that > could help (with the help of Eclipse auto complete), or if I could find > someone with similar issue (mainly google + stack overflow), but no obvious > solution. Commons Cli was released recently too, and the xref links in > Checkstyle are working fine. Will try to compare the configurations tomorrow, > but happy if anyone beats me to it (-: > > Cheers > > Bruno > > [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html > [2] > https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java[3] > > https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232 > > > ps: if someone recreates the site from master branch, I fixed the issues, so > the report will be - hopefully - empty Fixed, and added site deployment from the build. -Rob > > From: Rob Tompkins <chtom...@apache.org> > To: annou...@apache.org; Commons Developers List <dev@commons.apache.org>; > Commons Users List <u...@commons.apache.org> > Sent: Thursday, 15 June 2017 12:56 AM > Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released. > > > > The Apache Commons Team is pleased to announce the release of Apache Commons > > FileUpload 1.3.3. > > > The Apache Commons FileUpload library parses HTTP requests which conform to > RFC > > 1867, "Form-based File Upload in HTML." That is, if an HTTP request is > > submitted using the POST method, and with a content type of > > "multipart/form-data," then FileUpload can parse that request, and make the > > results available in a manner easily used by the caller. > > > The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem > can > > no longer be deserialized, unless a particular system property is set," a fix > > for the purposes of security. > > > Source and binary distributions are available for download from the Apache > > Commons download site: > > http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi > > > When downloading, please verify signatures using the KEYS file available at > the > > above location when downloading the release. > > > Alternatively the release can be pulled via maven: > > commons-fileupload > > commons-fileupload > > 1.3.3 > > > The release notes can be reviewed at: > > http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt > > > For complete information on Commons FileUpload, including instructions on how > > to submit bug reports, patches, or suggestions for improvement, see the Apache > > Commons FileUpload website: > > > http://commons.apache.org/proper/commons-fileupload/ > > > Best regards, > > Rob Tompkins > > on behalf of the Apache Commons community > > - > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404. Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-: Cheers Bruno [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html [2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java[3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232 ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty From: Rob Tompkins <chtom...@apache.org> To: annou...@apache.org; Commons Developers List <dev@commons.apache.org>; Commons Users List <u...@commons.apache.org> Sent: Thursday, 15 June 2017 12:56 AM Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released. The Apache Commons Team is pleased to announce the release of Apache Commons FileUpload 1.3.3. The Apache Commons FileUpload library parses HTTP requests which conform to RFC 1867, "Form-based File Upload in HTML." That is, if an HTTP request is submitted using the POST method, and with a content type of "multipart/form-data," then FileUpload can parse that request, and make the results available in a manner easily used by the caller. The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can no longer be deserialized, unless a particular system property is set," a fix for the purposes of security. Source and binary distributions are available for download from the Apache Commons download site: http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi When downloading, please verify signatures using the KEYS file available at the above location when downloading the release. Alternatively the release can be pulled via maven: commons-fileupload commons-fileupload 1.3.3 The release notes can be reviewed at: http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt For complete information on Commons FileUpload, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons FileUpload website: http://commons.apache.org/proper/commons-fileupload/ Best regards, Rob Tompkins on behalf of the Apache Commons community - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
Then maybe we need to document the fact that our code is still based on the old RFC (is it?) and that we welcome contributions to modernize to the new RFC... On Jun 14, 2017 7:07 AM, "Julian Reschke"wrote: > ... > >> The Apache Commons FileUpload library parses HTTP requests which conform >> to RFC >> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is >> submitted using the POST method, and with a content type of >> "multipart/form-data," then FileUpload can parse that request, and make >> the >> results available in a manner easily used by the caller. >> > ... > > FWIW, the definition has been update (at least) twice since. The current > specification is https://tools.ietf.org/html/rfc7578. > > Best regards, Julian > > - > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
... The Apache Commons FileUpload library parses HTTP requests which conform to RFC 1867, "Form-based File Upload in HTML." That is, if an HTTP request is submitted using the POST method, and with a content type of "multipart/form-data," then FileUpload can parse that request, and make the results available in a manner easily used by the caller. ... FWIW, the definition has been update (at least) twice since. The current specification is https://tools.ietf.org/html/rfc7578. Best regards, Julian - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
[ANNOUNCE] Apache Commons FileUpload 1.3.3 released.
The Apache Commons Team is pleased to announce the release of Apache Commons FileUpload 1.3.3. The Apache Commons FileUpload library parses HTTP requests which conform to RFC 1867, "Form-based File Upload in HTML." That is, if an HTTP request is submitted using the POST method, and with a content type of "multipart/form-data," then FileUpload can parse that request, and make the results available in a manner easily used by the caller. The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can no longer be deserialized, unless a particular system property is set," a fix for the purposes of security. Source and binary distributions are available for download from the Apache Commons download site: http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi When downloading, please verify signatures using the KEYS file available at the above location when downloading the release. Alternatively the release can be pulled via maven: commons-fileupload commons-fileupload 1.3.3 The release notes can be reviewed at: http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt For complete information on Commons FileUpload, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons FileUpload website: http://commons.apache.org/proper/commons-fileupload/ Best regards, Rob Tompkins on behalf of the Apache Commons community - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org