I meant commons-fileupload version 1.3.3, sorry for that.

Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

Sun, 4 Nov 2018 at 10:30 Lukasz Lenart <lukaszlen...@apache.org> wrote:
>
> The Apache Struts Team recommends immediately upgrading your Struts 2.3.36
> based projects to use the latest released version of Commons
> FileUpload library, which is currently 1.3.1. This is necessary to
> prevent your publicly accessible web site from being exposed to
> possible DoS attacks [1] [2].
>
> Your project is affected if it uses the built-in file upload mechanism
> of Struts 2, which defaults to the use of commons-fileupload. The
> updated commons-fileupload library is a drop-in replacement for the
> vulnerable version. Deployed applications can be hardened by replacing
> the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For
> Maven based Struts 2 projects, the following dependency needs to be
> added:
> <dependency>
>     <groupId>commons-fileupload</groupId>
>     <artifactId>commons-fileupload</artifactId>
>     <version>1.3.1</version>
> </dependency>
>
>
> More details can be found here:
> [1] http://commons.apache.org/proper/commons-fileupload/changes-report.html#a1.3.1
> [2] http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3c52f373fc.9030...@apache.org%3E
>
> on behalf of the Apache Struts Team
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
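
One way to confirm which commons-fileupload jar is actually deployed under each WEB-INF/lib, as an added example that is not part of the original announcement or any Struts tooling. The function names are hypothetical, the default minimum of 1.3.3 is taken from the correction at the top of this thread, and the `Implementation-Version` manifest attribute is assumed to be present (the file name is used when it is not).

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

def parse_version(text):
    """Turn '1.3.3' or '1.3.1-SNAPSHOT' into a comparable tuple such as (1, 3, 3)."""
    return tuple(int(p) for p in re.findall(r"\d+", text.split("-")[0]))

def jar_version(jar_path):
    """Prefer Implementation-Version from the jar manifest, then the file name."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.MULTILINE)
        if m:
            return m.group(1)
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # unreadable jar or no manifest: fall back to the file name
    m = re.search(r"commons-fileupload-(\d+(?:\.\d+)*)", jar_path.name)
    return m.group(1) if m else None

def find_outdated(webapps_root, minimum="1.3.3"):
    """Return [(path, version)] for jars below `minimum`; version None means unknown."""
    findings = []
    pattern = "WEB-INF/lib/commons-fileupload*.jar"
    for jar in sorted(Path(webapps_root).rglob(pattern)):
        version = jar_version(jar)
        if version is None or parse_version(version) < parse_version(minimum):
            findings.append((str(jar), version))
    return findings

def build_constructed_sample(root):
    """Constructed sample data: one webapp with an old jar, one with a fixed jar."""
    for app, ver in (("shop", "1.3.1"), ("blog", "1.3.3")):
        lib = Path(root, app, "WEB-INF", "lib")
        lib.mkdir(parents=True)
        with zipfile.ZipFile(lib / f"commons-fileupload-{ver}.jar", "w") as jar:
            jar.writestr("META-INF/MANIFEST.MF",
                         f"Manifest-Version: 1.0\nImplementation-Version: {ver}\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # e.g. the servlet container's webapps directory
    else:  # no argument: run against the constructed sample
        root = tempfile.mkdtemp()
        build_constructed_sample(root)
    for path, version in find_outdated(root):
        print(f"{path}: {version or 'unknown version'} (below 1.3.3)")
```

A jar whose version cannot be determined is reported as well, so renamed or repackaged copies are not silently skipped.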
