[ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior

The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.3. This is necessary to prevent your publicly accessible web site from being exposed to possible Remote Code Execution

Re: Question Regarding Recent Security Announcement

niedz., 4 lis 2018 o 18:40 David Dillard napisał(a): > 1. Per the Maven repository, Struts 2.3.36 recommends Fileupload 1.3.2 be > used, > not 1.3.3, so I'm confused about what's stated in the email. What's >

RE: Question Regarding Recent Security Announcement

Hi David, That was a typo which already has fixed and re-announced. We meant 1.3.3. Thanks for your email. Regards. >-Original Message- >From: David Dillard >Sent: Sunday, November 4, 2018 9:10 PM >To: user@struts.apache.org >Subject: Question Regarding Recent Security Announcement >

Question Regarding Recent Security Announcement

Hi, An email was recently sent to the Apache Announcements list suggesting that users update to Apache Struts 2.3.36 in order to update to Apache

Re: [ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36

I meant commons-fileupload version 1.3.3, sorry for that. Kind regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ niedz., 4 lis 2018 o 10:30 Lukasz Lenart napisał(a): > > The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36 > based projects to use the latest

[ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36

The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.1. This is necessary to prevent your publicly accessible web site from being exposed to possible DoS attacks [1] [2].