Re: [ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36

2018-11-04 Thread Lukasz Lenart
I meant commons-fileupload version 1.3.3, sorry for that.


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

Sun, 4 Nov 2018 at 10:30 Lukasz Lenart wrote:
>
> The Apache Struts Team recommends immediately upgrading your Struts 2.3.36
> based projects to use the latest released version of Commons
> FileUpload library, which is currently 1.3.1. This is necessary to
> prevent your publicly accessible web site from being exposed to
> possible DoS attacks [1] [2].
>
> Your project is affected if it uses the built-in file upload mechanism
> of Struts 2, which defaults to the use of commons-fileupload. The
> updated commons-fileupload library is a drop-in replacement for the
> vulnerable version. Deployed applications can be hardened by replacing
> the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For
> Maven based Struts 2 projects, the following dependency needs to be
> added:
>
> <dependency>
>     <groupId>commons-fileupload</groupId>
>     <artifactId>commons-fileupload</artifactId>
>     <version>1.3.1</version>
> </dependency>
>
>
>
> More details can be found here:
> [1] 
> http://commons.apache.org/proper/commons-fileupload/changes-report.html#a1.3.1
> [2] 
> http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3c52f373fc.9030...@apache.org%3E
>
> on behalf of the Apache Struts Team
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



[ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36

2018-11-04 Thread Lukasz Lenart
The Apache Struts Team recommends immediately upgrading your Struts 2.3.36
based projects to use the latest released version of Commons
FileUpload library, which is currently 1.3.1. This is necessary to
prevent your publicly accessible web site from being exposed to
possible DoS attacks [1] [2].

Your project is affected if it uses the built-in file upload mechanism
of Struts 2, which defaults to the use of commons-fileupload. The
updated commons-fileupload library is a drop-in replacement for the
vulnerable version. Deployed applications can be hardened by replacing
the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For
Maven based Struts 2 projects, the following dependency needs to be
added:

<dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.3.1</version>
</dependency>



More details can be found here:
[1] 
http://commons.apache.org/proper/commons-fileupload/changes-report.html#a1.3.1
[2] 
http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3c52f373fc.9030...@apache.org%3E

on behalf of the Apache Struts Team


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
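
A check for the deployment-side step described in the announcement (replacing the jar in WEB-INF/lib), as an added example that is not part of the original messages or of Struts: it scans exploded webapps and WAR files for commons-fileupload jars older than a minimum version. The 1.3.3 threshold follows the correction in the follow-up message; the directory layout, function names and sample files are constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Assumption: minimum acceptable version, per the follow-up correction (1.3.3).
MIN_VERSION = (1, 3, 3)
JAR_RE = re.compile(r"commons-fileupload-(\d+(?:\.\d+)*)[^/]*\.jar$")

def parse_version(text):
    """'1.3.1' -> (1, 3, 1), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def jar_versions_in_dir(root):
    """Yield (location, version) for jars in any exploded WEB-INF/lib under root."""
    for jar in Path(root).glob("**/WEB-INF/lib/commons-fileupload-*.jar"):
        match = JAR_RE.search(jar.name)
        if match:
            yield str(jar), parse_version(match.group(1))

def jar_versions_in_war(war_path):
    """Yield (location, version) for jars packaged inside a WAR archive."""
    with zipfile.ZipFile(war_path) as war:
        for name in war.namelist():
            match = JAR_RE.search(name)
            if match and name.startswith("WEB-INF/lib/"):
                yield f"{war_path}!{name}", parse_version(match.group(1))

def find_outdated(root, minimum=MIN_VERSION):
    """Return sorted (location, version) pairs whose version is below minimum."""
    found = list(jar_versions_in_dir(root))
    for war in Path(root).glob("**/*.war"):
        found.extend(jar_versions_in_war(war))
    return sorted((loc, ver) for loc, ver in found if ver < minimum)

def make_constructed_sample(root):
    """Constructed test tree: one exploded app and one WAR, with empty placeholder jars."""
    lib = Path(root, "shop", "WEB-INF", "lib")
    lib.mkdir(parents=True)
    (lib / "commons-fileupload-1.3.1.jar").touch()
    with zipfile.ZipFile(Path(root, "admin.war"), "w") as war:
        war.writestr("WEB-INF/lib/commons-fileupload-1.3.3.jar", b"")
        war.writestr("WEB-INF/lib/commons-io-2.2.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_sample(tmp)
        for location, version in find_outdated(tmp):
            print("outdated:", location, ".".join(map(str, version)))
```

Detection here relies on the jar filename, so a renamed or shaded copy of the library will not be reported.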
