Hi, Struts 1 is out of maintenance. I have no information whether commons-fileupload 1.3.1 works as a drop-in replacement for 1.1.1 in Struts 1.3 based applications. Most probably you will have to give it a test drive.
Regards, René Am 30.04.14 02:02, schrieb Leopoldo Miranda Martinez/Mexico/IBM: > Hello Struts users community, > > Looking into this URL > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050, it states a > security vulnerability for Apache Commons FileUpload before 1.3.1. > > I'm using Struts v1.3 which bundles commons-fileupload-1.1.1.jar and the > question I have is whether I can safely replace v1.1.1 by > commons-fileupload-1.3.1.jar, the one that's bundled in the latest Struts > version (2.3.16.2). The idea is to remediate the security issue but also, > keeping functionality across the Struts v1.3. > > Any help / advice would be really appreciated. > > Thanks. > -- René Gielen http://twitter.com/rgielen --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
