Author: ggregory
Date: Thu May 8 21:59:51 2025
New Revision: 76738
Log:
Staging release: commons-fileupload2-distribution, version: 2.0.0-M3
Added:
dev/commons/fileupload/2.0.0-M3-RC1/
dev/commons/fileupload/2.0.0-M3-RC1/HEADER.html
dev/commons/fileupload/2.0.0-M3-RC1/README.html
dev/commons/fileupload/2.0.0-M3-RC1/RELEASE-NOTES.txt
dev/commons/fileupload/2.0.0-M3-RC1/binaries/
dev/commons/fileupload/2.0.0-M3-RC1/binaries/HEADER.html
dev/commons/fileupload/2.0.0-M3-RC1/binaries/README.html
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz
(with props)
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.asc
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.sha512
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip
(with props)
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.asc
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.sha512
dev/commons/fileupload/2.0.0-M3-RC1/signature-validator.sh
dev/commons/fileupload/2.0.0-M3-RC1/site/
dev/commons/fileupload/2.0.0-M3-RC1/site/org.apache.commons_commons-fileupload2-distribution-2.0.0-M3.spdx.json
dev/commons/fileupload/2.0.0-M3-RC1/source/
dev/commons/fileupload/2.0.0-M3-RC1/source/HEADER.html
dev/commons/fileupload/2.0.0-M3-RC1/source/README.html
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz
(with props)
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.asc
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.sha512
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip
(with props)
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.asc
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.sha512
Added: dev/commons/fileupload/2.0.0-M3-RC1/HEADER.html
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/HEADER.html (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/HEADER.html Thu May 8 21:59:51 2025
@@ -0,0 +1,31 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h2>Apache Commons Project Distributions</h2>
+
+<p>
+ The most recent source and binary releases for the Apache Commons project
are available from this
+ directory listing. For older releases, please use the
+ <a href="https://archive.apache.org/dist/commons/";>archives</a>.
+</p>
+
+<h2>Important Notices</h2>
+
+<ul>
+ <li><a href="#mirrors">Download from your nearest mirror site!</a></li>
+ <li><a href="#sig">PGP/GPG Signatures</a></li>
+</ul>
+
Added: dev/commons/fileupload/2.0.0-M3-RC1/README.html
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/README.html (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/README.html Thu May 8 21:59:51 2025
@@ -0,0 +1,66 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h1>Commons-FILEUPLOAD v2.0.0-M3.</h1>
+
+<p>This is the 2.0.0-M3 version of commons-fileupload2-distribution. It is
available in both binary and source distributions.</p>
+
+
+<p><font color="red" size="+2">Note:</font>
+ The tar files in the distribution use GNU tar extensions
+ and must be untarred with a GNU compatible version of tar. The version
+ of tar on Solaris and Mac OS X will not work with these files</p>
+
+<a name="changes"><h2>Changes</h2></a>
+
+<p>The changes in this release are detailed in the release notes.</p>
+
+<p>Thank you for using <a
href="https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-distribution/";>FILEUPLOAD</a>.</p>
+
+<p>From the Apache Commons Project<br><a
href="https://commons.apache.org/";>https://commons.apache.org/</a></p>
+
+<h2><a name="mirrors">Download from your
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>nearest mirror
site!</a></a></h2>
+
+<p>
+ Do not download from www.apache.org. Please use a mirror site
+ to help us save apache.org bandwidth.
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>Go
+ here to find your nearest mirror.</a>
+</p>
+
+<a name="sig"><h2>Signatures</h2></a>
+
+<p>Many of the files have been digitally signed using GnuPG. If so,
+ there will be an accompanying <samp><em>file</em>.asc</samp> signature
+ file in the same directory as the file (binaries/ or source/). The
+ signing keys can be found in the distribution directory at <<a
+
HREF="http://downloads.apache.org/commons/KEYS";><samp>http://downloads.apache.org/commons/KEYS</samp></a>>.</p>
+
+<p><b>Always download the KEYS file directly from the Apache site, never from
a mirror site.</b></p>
+
+
+<pre>Always test available signatures, <i>e.g.</i>,
+$ pgpk -a KEYS
+$ pgpv commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+or,
+$ pgp -ka KEYS
+$ pgp commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+or,
+$ gpg --import KEYS
+$ gpg --verify commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+</pre>
+<p>
\ No newline at end of file
Added: dev/commons/fileupload/2.0.0-M3-RC1/RELEASE-NOTES.txt
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/RELEASE-NOTES.txt (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/RELEASE-NOTES.txt Thu May 8 21:59:51
2025
@@ -0,0 +1,358 @@
+Apache Commons FileUpload 2.0.0-M3 Release Notes
+------------------------------------------------
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 2.0.0-M3.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to Servlets and web
+applications. This version requires Java 11 or above.
+
+
+This release requires Java 11.
+
+Changes in version 2.0.0-M3 include:
+
+New features:
+o Handle multipart/related Requests without
content-disposition header. Thanks to mufasa1976, Gary Gregory.
+
+Fixed Bugs:
+o [site] Fix instantiation of DiskFileItemFactory in
migration guide #273. Thanks to Gregor Dschung.
+o FILEUPLOAD-355: [site] Update code example: Use IOUtils instead of Streams
utils class. Thanks to Ana, Gary Gregory.
+o Replace internal use of Locale.ENGLISH with Locale.ROOT.
Thanks to Gary Gregory.
+o Pick up JUnit version from parent POM. Thanks to Gary
Gregory.
+o FILEUPLOAD-356: [site] Fix incorrect link to changes report in Commons
FileUpload #357. Thanks to Mattias Reichel, GirirajSinghRathore, Gary Gregory.
+o Fix changes report link for new version of Maven Changes
plugin from commons-parent 79 #388. Thanks to Filipe Roque.
+o Fix SpotBugs multithreading issues in DiskFileItem. Thanks
to Gary Gregory.
+
+Changes:
+o Bump org.apache.commons:commons-parent from 66 to 83 #283,
#294, #335, #343, #345, #351, #356, #360, #368. Thanks to Gary Gregory.
+o Bump commons-io:commons-io from 2.16.0 to 2.19.0 #297,
#352, #377. Thanks to Gary Gregory.
+o Bump org.apache.maven.plugins:maven-javadoc-plugin from
3.6.3 to 3.7.0 #319. Thanks to Gary Gregory.
+o Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to
3.1.0 #327. Thanks to Gary Gregory.
+o Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0
#331, #338, #346. Thanks to Gary Gregory.
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+Download it from
https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi
+
+------------------------------------------------------------------------------
+Apache Commons FileUpload 2.0.0-M3 Release Notes
+------------------------------------------------
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 2.0.0-M3.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to Servlets and web
+applications. This version requires Java 11 or above.
+
+
+This release requires Java 11.
+
+Changes in version 2.0.0-M3 include:
+
+New features:
+o Handle multipart/related Requests without
content-disposition header. Thanks to mufasa1976, Gary Gregory.
+
+Fixed Bugs:
+o [site] Fix instantiation of DiskFileItemFactory in
migration guide #273. Thanks to Gregor Dschung.
+o FILEUPLOAD-355: [site] Update code example: Use IOUtils instead of Streams
utils class. Thanks to Ana, Gary Gregory.
+o Replace internal use of Locale.ENGLISH with Locale.ROOT.
Thanks to Gary Gregory.
+o Pick up JUnit version from parent POM. Thanks to Gary
Gregory.
+o FILEUPLOAD-356: [site] Fix incorrect link to changes report in Commons
FileUpload #357. Thanks to Mattias Reichel, GirirajSinghRathore, Gary Gregory.
+o Fix changes report link for new version of Maven Changes
plugin from commons-parent 79 #388. Thanks to Filipe Roque.
+o Fix SpotBugs multithreading issues in DiskFileItem. Thanks
to Gary Gregory.
+
+Changes:
+o Bump org.apache.commons:commons-parent from 66 to 83 #283,
#294, #335, #343, #345, #351, #356, #360, #368. Thanks to Gary Gregory.
+o Bump commons-io:commons-io from 2.16.0 to 2.19.0 #297,
#352, #377. Thanks to Gary Gregory.
+o Bump org.apache.maven.plugins:maven-javadoc-plugin from
3.6.3 to 3.7.0 #319. Thanks to Gary Gregory.
+o Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to
3.1.0 #327. Thanks to Gary Gregory.
+o Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0
#331, #338, #346. Thanks to Gary Gregory.
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+Download it from
https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi
+
+------------------------------------------------------------------------------
+
+Apache Commons FileUpload 2.0.0-M2 Release Notes
+------------------------------------------------
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 2.0.0-M2.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to Servlets and web
+applications. This version requires Java 11 or above.
+
+
+2.0.0-M2 Release
+
+Changes in version 2.0.0-M2 include:
+
+New features:
+o Fix off-by-one error when checking fileSizeMax in
FileItemInputImpl #235. Thanks to James Reeves.
+o FILEUPLOAD-352: NullPointerException in DiskFileItem#toString. Thanks to
Bj�rn Kautler, Gary Gregory.
+o Fail fast on null inputs to
org.apache.commons.fileupload2.core.AbstractRequestContext.AbstractRequestContext(Function,
LongSupplier, T). Thanks to Gary Gregory.
+o Complete refactoring in JakartaServletRequestContext.
Thanks to Gary Gregory.
+o Fix "Implicit narrowing conversion in compound assignment"
from https://github.com/apache/commons-fileupload/security/code-scanning/118.
Thanks to Gary Gregory.
+o Refactor to support Jakarta Servlet 5 and 6. Thanks to Gary
Gregory.
+o Generate some OSGi metadata. Thanks to Michal H Siemaszko,
Gary Gregory.
+
+Fixed Bugs:
+o Pick up Maven Moditect plugin version from parent POM.
Thanks to Gary Gregory.
+
+Changes:
+o Bump Java from 8 to 11. Thanks to Dependabot.
+o Bump commons-parent from 58 to 65. Thanks to Gary Gregory.
+o Bump commons-lang3 from 3.12.0 to 3.14.0. Thanks to Gary
Gregory.
+o Bump commons-io from 2.13.0 to 2.15.1. Thanks to Gary
Gregory.
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+Download it from
https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi
+
+------------------------------------------------------------------------------
+
+Apache Commons FileUpload 2.0.0-M1 Release Notes
+------------------------------------------------
+
+The Apache Commons FileUpload Parent team is pleased to announce the release
of Apache Commons FileUpload Parent 2.0.0-M1.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to servlets and web
+applications.
+
+This version requires Java 11 or later.
+
+Note also that the base package name has changed to
org.apache.commons.fileupload2,
+so source changes will be required.
+
+The Maven coordinates have also changed to:
+
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-fileupload2</artifactId>
+
+They were previously:
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+
+
+2.0.0-M1 Release
+
+Changes in version 2.0.0-M1 include:
+
+New features:
+o Add github/codeql-action from #144. Thanks to Gary Gregory.
+o Add the package org.apache.fileupload2.jaksrvlt, for
compliance with Jakarta Servlet API 5.0.
+o Making FileUploadException a subclass of IOException.
(Mibor API simplification.)
+o Add a configurable limit (disabled by default) for the
number of files to upload per request.
+
+Fixed Bugs:
+o Changing Maven coordinates, and package name, due to binary
incompatible changes.
+o FILEUPLOAD-293: DiskFileItem.write(File) had been changed to use
FileUtils.moveFile internally, preventing an existing file as the target.
+o FILEUPLOAD-296: Performance gains by reusing an internal buffer. Thanks to
David Georg Reochelt.
+o FILEUPLOAD-274: RFC 5987 compliance Thanks to Merbin J Anselm.
+o Slight optim: resuse the index position instead of
recomputing it #49. Thanks to Emmanuel L�charny.
+o FILEUPLOAD-340: Make commons-fileupload2 a JPMS module by adding
module-info.class.
+o FILEUPLOAD-341: Move Exception classes out of the impl package. Thanks to
Martin Grigorov.
+o Rework exceptions to use propagated exception causes
(introduced in Java 1.4). Thanks to Gary Gregory.
+o All custom exception extend FileUploadException. Thanks to
Gary Gregory.
+o All custom exceptions serialVersionUID value is now 2.
Thanks to Gary Gregory.
+o FILEUPLOAD-350: FileUploadByteCountLimitException ctor switches fileName
and fieldName parameters #216. Thanks to Ernesto Reinaldo Barreiro.
+o [StepSecurity] ci: Harden GitHub Actions #224. Thanks to
step-security-bot, Gary Gregory.
+
+Changes:
+o Bump actions/cache from 2.1.6 to 3.0.8 #128, #140. Thanks
to Dependabot, Gary Gregory.
+o Bump actions/checkout from 2.3.4 to 3.0.2 #125. Thanks to
Dependabot, Gary Gregory.
+o Bump build actions/setup-java from 1.4.3 to 3.8.0 #142,
#175, #180, #182. Thanks to Gary Gregory.
+o Bump Java compiler level to 1.8.
+o Bump commons-io:commons-io 2.6 to 2.13.0, #104, #221.
Thanks to Gary Gregory, Dependabot.
+o Bump junit-jupiter from 5.5.2 to 5.9.1 #31, #130, #156,
#166. Thanks to Dependabot.
+o Bump maven-pmd-plugin from 3.13.0 to 3.19.0 #48, #162.
Thanks to Dependabot.
+o Bump commons.japicmp.version from 0.13.0 to 0.16.0. Thanks
to Gary Gregory.
+o Bump spotbugs-maven-plugin from 4.2.3 to 4.7.3.0 #103,
#133, #141, #146, #155, #163, #179. Thanks to Dependabot.
+o Bump spotbugs from 4.2.3 to 4.7.3, ignore EI_EXPOSE_REP,
and EI_EXPOSE_REP2, #152, #161, #174. Thanks to Dependabot.
+o Bump biz.aQute.bndlib from 6.0.0 to 6.4.0 #129, #181.
Thanks to Dependabot.
+o Bump commons-parent from 52 to 58, #167, #183, #194. Thanks
to Gary Gregory, Dependabot.
+o Bump maven-checkstyle-plugin from 3.1.2 to 3.2.0 #160.
Thanks to Dependabot.
+
+Removed:
+o Remove deprecated constructors in MultipartStream. Thanks
to Gary Gregory.
+o Remove deprecated RequestContext.getContentLength(). Thanks
to Gary Gregory.
+o Remove deprecated
JakSrvltRequestContext.getContentLength(). Thanks to Gary Gregory.
+o Remove deprecated PortletRequestContext.getContentLength().
Thanks to Gary Gregory.
+o Remove deprecated ServletRequestContext.getContentLength().
Thanks to Gary Gregory.
+o Remove deprecated FileUploadBase.MAX_HEADER_SIZE. Thanks to
Gary Gregory.
+o Remove deprecated FileUploadBase.createItem(Map, boolean).
Thanks to Gary Gregory.
+o Remove deprecated FileUploadBase.getFieldName(Map). Thanks
to Gary Gregory.
+o Remove deprecated FileUploadBase.getFileName(Map). Thanks
to Gary Gregory.
+o Remove deprecated FileUploadBase.getHeader(Map, String).
Thanks to Gary Gregory.
+o Remove deprecated FileUploadBase.parseHeaders(String).
Thanks to Gary Gregory.
+o Replace
org.apache.commons.fileupload2.util.mime.Base64Decoder with java.util.Base64.
Thanks to Gary Gregory.
+o Replace LimitedInputStream with BoundedInputStream. Thanks
to Gary Gregory.
+o FileItemHeadersImpl is no longer Serializable. Thanks to
Gary Gregory.
+o Reuse Java's InvalidPathException instead of the custom
InvalidFileNameException. Thanks to Gary Gregory.
+
+For complete information on Apache Commons FileUpload Parent, including
instructions on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
Parent website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+------------------------------------------------------------------------------
+ Apache Commons FileUpload 1.5 RELEASE NOTES
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 1.5.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to servlets and web
+applications. Version 1.3 onwards requires Java 6 or later.
+
+No client code changes are required to migrate from version 1.4 to 1.5.
+
+Changes in version 1.5 include:
+
+New features:
+o Add a configurable limit (disabled by default) for the
number of files to upload per request.
+
+Fixed Bugs:
+o FILEUPLOAD-293: DiskFileItem.write(File) had been changed to use
FileUtils.moveFile internally, preventing an existing file as the target.
+o Improve parsing speed. Thanks to David Georg Reichelt.
+
+Changes:
+o Bump Commons IO to 2.11.0
+o FILEUPLOAD-328 Switch from Cobertura code coverage to Jacoco code
coverage. Thanks to Arturo Bernal.
+o Bump JUnit to 4.13.2
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+------------------------------------------------------------------------------
+
+ Apache Commons FileUpload 1.4 RELEASE NOTES
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 1.4.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to servlets and web
+applications. Version 1.3 onwards requires Java 6 or later.
+
+
+1.4 Release
+
+Changes in version 1.4 include:
+
+New features:
+o Site: added security report
+
+Fixed Bugs:
+o FILEUPLOAD-252: DiskFileItem#write() could lose original IO exception
+o FILEUPLOAD-258: DiskFileItem#getStoreLocation() wrongly returned a File
object for items stored in memory
+o FILEUPLOAD-242: FileUploadBase - should not silently catch and ignore all
Throwables
+o FILEUPLOAD-257: Fix Javadoc 1.8.0 errors
+o FILEUPLOAD-234: Fix section "Resource cleanup" of the user guide
+o FILEUPLOAD-237: Fix streaming example: use FileItem.getInputStream()
instead of openStream()
+o FILEUPLOAD-248: DiskFileItem might suppress critical IOExceptions on rename
- use FileUtil.move instead
+o FILEUPLOAD-251: DiskFileItem#getTempFile() is broken
+o FILEUPLOAD-250: FileUploadBase - potential resource leak - InputStream not
closed on exception
+o FILEUPLOAD-244: DiskFileItem.readObject fails to close FileInputStream
+o FILEUPLOAD-245: DiskFileItem.get() may not fully read the data
+
+Changes:
+o FILEUPLOAD-292: Don't create un-needed resources in FileUploadBase.java
+o FILEUPLOAD-282: Upversion complier.source, compiler.target to 1.6
+o FILEUPLOAD-246: FileUpload should use IOUtils.closeQuietly where relevant
+o FILEUPLOAD-243: Make some MultipartStream private fields final Thanks to
Ville Skytt�.
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+------------------------------------------------------------------------------
+
+ Apache Commons FileUpload 1.3.3 RELEASE NOTES
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 1.3.3.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to servlets and web
+applications. Version 1.3 onwards requires Java 5 or later.
+
+No client code changes are required to migrate from version 1.3.0, 1.3.1, or
1.3.2, to 1.3.3
+
+Changes in version 1.3.3 include:
+
+o FILEUPLOAD-279: DiskFileItem can no longer be deserialized, unless a
particular system property is set.
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+------------------------------------------------------------------------------
+
+No client code changes are required to migrate from version 1.3.1 to 1.3.2.
+
+Changes in version 1.3.2 include:
+
+o FILEUPLOAD-272: Performance Improvement in MultipartStream. Prevents a DoS
(CVE-2016-3092)
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
+------------------------------------------------------------------------------
+
+ Apache Commons FileUpload 1.3.1 RELEASE NOTES
+
+The Apache Commons FileUpload team is pleased to announce the release of
Apache Commons FileUpload 1.3.1.
+
+The Apache Commons FileUpload component provides a simple yet flexible means of
+adding support for multipart file upload functionality to servlets and web
+applications. Version 1.3 onwards requires Java 5 or later.
+
+No client code changes are required to migrate from version 1.3.0 to 1.3.1.
+
+
+This is a security and maintenance release that includes an important security
+fix as well as a small number of bugfixes.
+
+Changes in version 1.3.1 include:
+
+
+Fixed Bugs:
+o SECURITY - CVE-2014-0050. Specially crafted input can
trigger a DoS if the
+ buffer used by the MultipartStream is not big enough. When
constructing
+ MultipartStream enforce the requirements for buffer size by
throwing an
+ IllegalArgumentException if the requested buffer size is
too small. This
+ prevents the DoS.
+o When deserializing DiskFileItems ensure that the repository
location, if
+ any, is a valid one. Thanks to Arun Babu Neelicattu.
+o Correct example in usage documentation so it compiles.
+
+
+
+For complete information on Apache Commons FileUpload, including instructions
on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons FileUpload
website:
+
+https://commons.apache.org/proper/commons-fileupload/
+
Added: dev/commons/fileupload/2.0.0-M3-RC1/binaries/HEADER.html
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/binaries/HEADER.html (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/binaries/HEADER.html Thu May 8
21:59:51 2025
@@ -0,0 +1,31 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h2>Apache Commons Project Distributions</h2>
+
+<p>
+ The most recent source and binary releases for the Apache Commons project
are available from this
+ directory listing. For older releases, please use the
+ <a href="https://archive.apache.org/dist/commons/";>archives</a>.
+</p>
+
+<h2>Important Notices</h2>
+
+<ul>
+ <li><a href="#mirrors">Download from your nearest mirror site!</a></li>
+ <li><a href="#sig">PGP/GPG Signatures</a></li>
+</ul>
+
Added: dev/commons/fileupload/2.0.0-M3-RC1/binaries/README.html
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/binaries/README.html (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/binaries/README.html Thu May 8
21:59:51 2025
@@ -0,0 +1,66 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h1>Commons-FILEUPLOAD v2.0.0-M3.</h1>
+
+<p>This is the 2.0.0-M3 version of commons-fileupload2-distribution. It is
available in both binary and source distributions.</p>
+
+
+<p><font color="red" size="+2">Note:</font>
+ The tar files in the distribution use GNU tar extensions
+ and must be untarred with a GNU compatible version of tar. The version
+ of tar on Solaris and Mac OS X will not work with these files</p>
+
+<a name="changes"><h2>Changes</h2></a>
+
+<p>The changes in this release are detailed in the release notes.</p>
+
+<p>Thank you for using <a
href="https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-distribution/";>FILEUPLOAD</a>.</p>
+
+<p>From the Apache Commons Project<br><a
href="https://commons.apache.org/";>https://commons.apache.org/</a></p>
+
+<h2><a name="mirrors">Download from your
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>nearest mirror
site!</a></a></h2>
+
+<p>
+ Do not download from www.apache.org. Please use a mirror site
+ to help us save apache.org bandwidth.
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>Go
+ here to find your nearest mirror.</a>
+</p>
+
+<a name="sig"><h2>Signatures</h2></a>
+
+<p>Many of the files have been digitally signed using GnuPG. If so,
+ there will be an accompanying <samp><em>file</em>.asc</samp> signature
+ file in the same directory as the file (binaries/ or source/). The
+ signing keys can be found in the distribution directory at <<a
+
HREF="http://downloads.apache.org/commons/KEYS";><samp>http://downloads.apache.org/commons/KEYS</samp></a>>.</p>
+
+<p><b>Always download the KEYS file directly from the Apache site, never from
a mirror site.</b></p>
+
+
+<pre>Always test available signatures, <i>e.g.</i>,
+$ pgpk -a KEYS
+$ pgpv commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+or,
+$ pgp -ka KEYS
+$ pgp commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+or,
+$ gpg --import KEYS
+$ gpg --verify commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+</pre>
+<p>
\ No newline at end of file
Added:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz
==============================================================================
Binary file - no diff available.
Propchange:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.asc
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.asc
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.asc
Thu May 8 21:59:51 2025
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEELbTx7w+nYezE6pNchv3H4qESYssFAmgdKU4ACgkQhv3H4qES
+Yssnawf9F7bWD3JBBiXjOm0GPvq7ZoZfc8ankL900mwvuPxo85YW//+2eogKdlum
+jBhuZTzf88sILKPVpU6wp9HaKAR+O9PzEZ3kYc1SqJtTcvXmTztfVfOb70TP6HyC
+EukwwMmnPA0y2R1sRo6Ft9ET+5rsk0jyPLLrK0WjBJq10gv/JN+aKGb/iXP++4sB
+3Yyk9Y2danzmH2VZhQivWeA+eRs5kj5qENxkSGBEETDfQYhmvK2G8NOz3qZgAr0B
+h9mL8RsLFlddke1HuounXLEmR4XBTFvsVgUwEJ4uyAgo7M9oy6ED9IzFD3ZWzNRm
+Rf7M6+rYkMnkEucOZyZyYz3KDfA+mQ==
+=zAMt
+-----END PGP SIGNATURE-----
Added:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.sha512
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.sha512
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.tar.gz.sha512
Thu May 8 21:59:51 2025
@@ -0,0 +1 @@
+16e63672f6c8f89c3f08def74efade2e3c26481252e26bfd5ca93731da62fa6d3c8fe4b56eb8bec974b4a108c2165c11baebfce7b4a3f67626ad85ce2f3ea86a
Added:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip
==============================================================================
Binary file - no diff available.
Propchange:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.asc
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.asc
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.asc
Thu May 8 21:59:51 2025
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEyBAABCgAdFiEELbTx7w+nYezE6pNchv3H4qESYssFAmgdKU4ACgkQhv3H4qES
+Ystt7Af4l+GvZX14ksQ7RYOc2QwdoEOIXqrAaoc4GlQGnUAcqOeFt0sdrcx8rQfo
+qrEtMmG65Am2y+iLaePTNX+CgOsEsg8Jb1HJc8Gt3Q3Gpmo6v4Gt0p4U6iCTOHoU
+DwuxY9MuFK+q4Lajg+K7jS0wjeMUy34QP0Q7hHYnGlUZYDSEp3de4/fVanEvsEU6
+bl2yO0RYLtbmQtotmAgRlgv2jBcjk8/he3xqpZt6A1IcUKsSLlLFX/0cMUCyAdJb
+QgCcX7pY+A2WUInbVbZ5pFo7EiORNd4ar+YBI0vEHLRNxo768/ldnZ+9yCCfO7h3
+6qjPamrkHTQPQH3j7cP+VhxBUoeb
+=WWaL
+-----END PGP SIGNATURE-----
Added:
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.sha512
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.sha512
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/binaries/commons-fileupload2-2.0.0-M3-bin.zip.sha512
Thu May 8 21:59:51 2025
@@ -0,0 +1 @@
+41558cd9a14ca936c3600e5c7e1d56dea4ece10aeca0ac235159a4e58f4db15a71b4a3c3101de9ca13f764f850b2efbaaf97651916f91562a7c732fc642f981d
Added: dev/commons/fileupload/2.0.0-M3-RC1/signature-validator.sh
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/signature-validator.sh (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/signature-validator.sh Thu May 8
21:59:51 2025
@@ -0,0 +1,161 @@
+#!/bin/bash -x
+###########
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########
+# DOCUMENTATION.
+# This script is to be placed in the root of the svn dist checkout.
+# For example, my directory looks like:
+#
+# drwxr-xr-x@ 8 usr staff 256 Oct 1 11:22 .svn
+# -rw-r--r--@ 1 usr staff 1230 Oct 1 11:22 HEADER.html
+# -rw-r--r--@ 1 usr staff 2649 Oct 1 11:22 README.html
+# -rw-r--r--@ 1 usr staff 5093 Oct 1 11:22 RELEASE-NOTES.txt
+# drwxr-xr-x@ 10 usr staff 320 Oct 1 11:22 binaries
+# -rw-r--r--@ 1 usr staff 3900 Oct 1 13:40 signature-validation.sh
+# drwxr-xr-x@ 44 usr staff 1408 Oct 1 11:22 site
+# drwxr-xr-x@ 10 usr staff 320 Oct 1 11:37 source
+#
+# From here you run ./signature-validation.sh and it will create a directory
"artifacts-for-validation-deletable-post-validation
+# in which all of the binaries generated by a release are copied and then it
checks to see that all of the signatures and hashes
+# are infact correct for the artifacts.
+#
+###########
+
+if test "$#" != "1"
+then
+ echo "ERROR:"
+ echo "We expect the a url like
https://repository.apache.org/content/repositories/orgapachecommons-1531/commons-net/commons-net/3.7.1/";
+ echo "to be passed in as a parameter to the script."
+fi
+
+
+
+BASEDIR="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+VALIDATION_DIR=${BASEDIR}/artifacts-for-validation-deletable-post-validation
+BINARIES_DIR=${BASEDIR}/binaries
+SOURCE_DIR=${BASEDIR}/source
+
+BASE_NEXUS_URL="$1"
+
+function clean_and_build_validation_dir() {
+ mkdir -p ${VALIDATION_DIR}
+}
+
+function copy_in_checked_out_artifacts() {
+ cp ${BASEDIR}/binaries/commons* ${VALIDATION_DIR}
+ cp ${BASEDIR}/source/commons* ${VALIDATION_DIR}
+}
+
+function download_nexus_artifacts_to_validation_directory() {
+ # Curls html page and does text modification to put artifacts in
semicolon delimited list
+ # ...(ugly but works, debug by removing pipes one at a time)
+ echo "INFO: Downloading artifacts from nexus"
+
+ echo ${BASE_NEXUS_URL}
+ NEXUS_ARTIFACTS=$(curl ${BASE_NEXUS_URL} \
+ | grep "${BASE_NEXUS_URL}" \
+ | cut -d '>' -f3 \
+ | sed "s|</a|;|g" \
+ | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/ /g' \
+ | sed 's/ //g'
+ )
+ IFS=';' read -r -a array <<< "${NEXUS_ARTIFACTS}"
+
+ for element in "${array[@]}"
+ do
+ ARTIFACT_NAME=$(echo $element | cut -d '/' -f7)
+ echo $ARTIFACT_NAME
+ URL="${BASE_NEXUS_URL}${element}"
+ curl $URL -o ${VALIDATION_DIR}/$ARTIFACT_NAME
+ done
+}
+
+function validate_signatures() {
+ echo "INFO: Validating Signatures in ${VALIDATION_DIR}"
+ ALL_ARTIFACTS=$(ls -Al ${VALIDATION_DIR} \
+ | awk -F':[0-9]* ' '/:/{print $2}' \
+ | sed -e ':a' -e 'N' -e '$!ba' -e
's/\n/;/g' \
+ )
+
+ ARTIFACTS_FOR_VALIDATION=()
+
+ IFS=';' read -r -a array <<< "${ALL_ARTIFACTS}"
+
+ for element in "${array[@]}"
+ do
+ if [[ ! (${element} =~ ^.*asc$ || ${element} =~ ^.*sha512$ || ${element}
=~ ^.*md5$ || ${element} =~ ^.*sha1$) ]];
+ then
+ ARTIFACTS_FOR_VALIDATION=("${ARTIFACTS_FOR_VALIDATION[@]}" $element)
+ fi
+ done
+
+ for element in "${ARTIFACTS_FOR_VALIDATION[@]}"
+ do
+ if [[ ${element} =~ ^.*tar.gz.*$ || ${element} =~ ^.*zip.*$ ]];
+ then
+ ARTIFACT_SHA512=$(openssl sha512 ${VALIDATION_DIR}/$element | cut -d '='
-f2 | cut -d ' ' -f2)
+ FILE_SHA512=$(cut -d$'\r' -f1 ${VALIDATION_DIR}/$element.sha512)
+ if test "${ARTIFACT_SHA512}" != "${FILE_SHA512}"
+ then
+ echo "$element failed sha512 check"
+ echo "==${ARTIFACT_SHA512}=="
+ echo "==${FILE_SHA512}=="
+ exit 1;
+ fi
+ else
+ ARTIFACT_MD5=$(openssl md5 ${VALIDATION_DIR}/$element | cut -d '=' -f2 |
cut -d ' ' -f2)
+ FILE_MD5=$(cut -d$'\r' -f1 ${VALIDATION_DIR}/$element.md5)
+ ARTIFACT_SHA1=$(openssl sha1 ${VALIDATION_DIR}/$element | cut -d '=' -f2
| cut -d ' ' -f2)
+ FILE_SHA1=$(cut -d$'\r' -f1 ${VALIDATION_DIR}/$element.sha1)
+ if test "${ARTIFACT_MD5}" != "${FILE_MD5}"
+ then
+ echo "$element failed md5 check"
+ echo "==${ARTIFACT_MD5}=="
+ echo "==${FILE_MD5}=="
+ exit 1;
+ fi
+ if test "${ARTIFACT_SHA1}" != "${FILE_SHA1}"
+ then
+ echo "$element failed sha1 check"
+ echo "==${ARTIFACT_SHA1}=="
+ echo "==${FILE_SHA1}=="
+ exit 1;
+ fi
+
+
+ gpg --verify ${VALIDATION_DIR}/$element.asc ${VALIDATION_DIR}/$element >
/dev/null 2>&1
+ if test "$?" != "0"
+ then
+ echo "$element failed gpg signature check"
+ exit 1;
+ fi
+ fi
+ done
+
+ echo "SUCCESSFUL VALIDATION"
+}
+
+function clean_up_afterwards() {
+ rm -rf ${VALIDATION_DIR}
+}
+
+
+echo $(clean_and_build_validation_dir)
+echo $(copy_in_checked_out_artifacts)
+echo $(download_nexus_artifacts_to_validation_directory)
+echo $(validate_signatures)
+#clean_up_afterwards
+
Added:
dev/commons/fileupload/2.0.0-M3-RC1/site/org.apache.commons_commons-fileupload2-distribution-2.0.0-M3.spdx.json
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/site/org.apache.commons_commons-fileupload2-distribution-2.0.0-M3.spdx.json
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/site/org.apache.commons_commons-fileupload2-distribution-2.0.0-M3.spdx.json
Thu May 8 21:59:51 2025
@@ -0,0 +1,223 @@
+{
+ "SPDXID" : "SPDXRef-DOCUMENT",
+ "spdxVersion" : "SPDX-2.3",
+ "creationInfo" : {
+ "created" : "2025-05-07T23:47:43Z",
+ "creators" : [ "Tool: spdx-maven-plugin" ],
+ "licenseListVersion" : "3.26.0"
+ },
+ "name" : "Apache Commons FileUpload Distribution",
+ "dataLicense" : "CC0-1.0",
+ "documentNamespace" :
"http://spdx.org/spdxpackages/org.apache.commons_commons-fileupload2-distribution-2.0.0-M3";,
+ "packages" : [ {
+ "SPDXID" : "SPDXRef--4b3779bf6",
+ "copyrightText" : "NOASSERTION",
+ "description" : "Apache Commons FileUpload Distribution archives.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" :
"pkg:maven/org.apache.commons/commons-fileupload2-distribution@2.0.0-M3",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : true,
+ "homepage" :
"https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-distribution/";,
+ "licenseConcluded" : "Apache-2.0",
+ "licenseDeclared" : "Apache-2.0",
+ "licenseInfoFromFiles" : [ "NOASSERTION" ],
+ "name" : "Apache Commons FileUpload Distribution",
+ "originator" : "Organization:The Apache Software Foundation",
+ "packageFileName" : "NOASSERTION",
+ "packageVerificationCode" : {
+ "packageVerificationCodeValue" :
"5d0cc1efc288aacb587e4485bb34c5f3c8ef05d4"
+ },
+ "primaryPackagePurpose" : "INSTALL",
+ "summary" : "Apache Commons FileUpload Distribution archives.",
+ "supplier" : "Organization: The Apache Software Foundation",
+ "versionInfo" : "2.0.0-M3"
+ }, {
+ "SPDXID" : "SPDXRef--18dc780d4",
+ "copyrightText" : "UNSPECIFIED",
+ "description" : "The Apache Commons FileUpload Core component provides the
framework for a simple yet flexible means of adding support for multipart\n
file upload functionality to servlets, portlets, and web applications.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" :
"pkg:maven/org.apache.commons/commons-fileupload2-core@2.0.0-M3",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : false,
+ "homepage" :
"https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-core/";,
+ "licenseConcluded" : "NOASSERTION",
+ "licenseDeclared" : "Apache-2.0",
+ "name" : "Apache Commons FileUpload Core",
+ "originator" : "Organization:The Apache Software Foundation",
+ "summary" : "The Apache Commons FileUpload Core component provides the
framework for a simple yet flexible means of adding support for multipart\n
file upload functionality to servlets, portlets, and web applications.",
+ "versionInfo" : "2.0.0-M3"
+ }, {
+ "SPDXID" : "SPDXRef--4745193a5",
+ "copyrightText" : "UNSPECIFIED",
+ "description" : "The Apache Commons IO library contains utility classes,
stream implementations, file filters,\nfile comparators, endian transformation
classes, and much more.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" : "pkg:maven/commons-io/commons-io@2.19.0",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : false,
+ "homepage" : "https://commons.apache.org/proper/commons-io/";,
+ "licenseConcluded" : "NOASSERTION",
+ "licenseDeclared" : "Apache-2.0",
+ "name" : "Apache Commons IO",
+ "originator" : "Organization:The Apache Software Foundation",
+ "summary" : "The Apache Commons IO library contains utility classes,
stream implementations, file filters,\nfile comparators, endian transformation
classes, and much more.",
+ "versionInfo" : "2.19.0"
+ }, {
+ "SPDXID" : "SPDXRef-5dc3e9070",
+ "copyrightText" : "UNSPECIFIED",
+ "description" : "The Apache Commons FileUpload Jakarta component provides
a simple yet flexible means of adding support for multipart\n file upload
functionality to Jakarta servlets and web applications.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" :
"pkg:maven/org.apache.commons/commons-fileupload2-jakarta-servlet5@2.0.0-M3",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : false,
+ "homepage" :
"https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-jakarta-servlet5/";,
+ "licenseConcluded" : "NOASSERTION",
+ "licenseDeclared" : "Apache-2.0",
+ "name" : "Apache Commons FileUpload Jakarta Servlet 5",
+ "originator" : "Organization:The Apache Software Foundation",
+ "summary" : "The Apache Commons FileUpload Jakarta component provides a
simple yet flexible means of adding support for multipart\n file upload
functionality to Jakarta servlets and web applications.",
+ "versionInfo" : "2.0.0-M3"
+ }, {
+ "SPDXID" : "SPDXRef-520d5a260",
+ "copyrightText" : "UNSPECIFIED",
+ "description" : "The Apache Commons FileUpload Jakarta component provides
a simple yet flexible means of adding support for multipart\n file upload
functionality to Jakarta servlets and web applications.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" :
"pkg:maven/org.apache.commons/commons-fileupload2-jakarta-servlet6@2.0.0-M3",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : false,
+ "homepage" :
"https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-jakarta-servlet6/";,
+ "licenseConcluded" : "NOASSERTION",
+ "licenseDeclared" : "Apache-2.0",
+ "name" : "Apache Commons FileUpload Jakarta Servlet 6",
+ "originator" : "Organization:The Apache Software Foundation",
+ "summary" : "The Apache Commons FileUpload Jakarta component provides a
simple yet flexible means of adding support for multipart\n file upload
functionality to Jakarta servlets and web applications.",
+ "versionInfo" : "2.0.0-M3"
+ }, {
+ "SPDXID" : "SPDXRef--10a511ba1",
+ "copyrightText" : "UNSPECIFIED",
+ "description" : "The Apache Commons FileUpload Javax component provides a
simple yet flexible means of adding support for multipart\n file upload
functionality to Javax servlets and web applications.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" :
"pkg:maven/org.apache.commons/commons-fileupload2-javax@2.0.0-M3",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : false,
+ "homepage" :
"https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-javax/";,
+ "licenseConcluded" : "NOASSERTION",
+ "licenseDeclared" : "Apache-2.0",
+ "name" : "Apache Commons FileUpload Javax",
+ "originator" : "Organization:The Apache Software Foundation",
+ "summary" : "The Apache Commons FileUpload Javax component provides a
simple yet flexible means of adding support for multipart\n file upload
functionality to Javax servlets and web applications.",
+ "versionInfo" : "2.0.0-M3"
+ }, {
+ "SPDXID" : "SPDXRef-4803a6220",
+ "copyrightText" : "UNSPECIFIED",
+ "description" : "The Apache Commons FileUpload Portlet component provides
a simple yet flexible means of adding support for multipart\n file upload
functionality to portlet.",
+ "downloadLocation" : "NOASSERTION",
+ "externalRefs" : [ {
+ "referenceCategory" : "PACKAGE-MANAGER",
+ "referenceLocator" :
"pkg:maven/org.apache.commons/commons-fileupload2-portlet@2.0.0-M3",
+ "referenceType" : "purl"
+ } ],
+ "filesAnalyzed" : false,
+ "homepage" :
"https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-portlet/";,
+ "licenseConcluded" : "NOASSERTION",
+ "licenseDeclared" : "Apache-2.0",
+ "name" : "Apache Commons FileUpload Portlet",
+ "originator" : "Organization:The Apache Software Foundation",
+ "summary" : "The Apache Commons FileUpload Portlet component provides a
simple yet flexible means of adding support for multipart\n file upload
functionality to portlet.",
+ "versionInfo" : "2.0.0-M3"
+ } ],
+ "files" : [ {
+ "SPDXID" : "SPDXRef-1d8d9e85",
+ "checksums" : [ {
+ "algorithm" : "SHA1",
+ "checksumValue" : "ff7fa5012a4f952f5751afe874643a5ed71a91b0"
+ } ],
+ "copyrightText" : "NOASSERTION",
+ "fileName" : "./../NOTICE.txt",
+ "fileTypes" : [ "TEXT" ],
+ "licenseConcluded" : "NOASSERTION",
+ "licenseInfoInFiles" : [ "NOASSERTION" ]
+ }, {
+ "SPDXID" : "SPDXRef-3c9ce5555",
+ "checksums" : [ {
+ "algorithm" : "SHA1",
+ "checksumValue" : "2b8b815229aa8a61e483fb4ba0588b8b6c491890"
+ } ],
+ "copyrightText" : "NOASSERTION",
+ "fileName" : "./../LICENSE.txt",
+ "fileTypes" : [ "TEXT" ],
+ "licenseConcluded" : "NOASSERTION",
+ "licenseInfoInFiles" : [ "NOASSERTION" ]
+ } ],
+ "relationships" : [ {
+ "spdxElementId" : "SPDXRef-DOCUMENT",
+ "relationshipType" : "DESCRIBES",
+ "relatedSpdxElement" : "SPDXRef--4b3779bf6",
+ "comment" : ""
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "CONTAINS",
+ "relatedSpdxElement" : "SPDXRef-3c9ce5555"
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "DYNAMIC_LINK",
+ "relatedSpdxElement" : "SPDXRef--10a511ba1",
+ "comment" : "Relationship based on Maven POM file dependency information"
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "DYNAMIC_LINK",
+ "relatedSpdxElement" : "SPDXRef--18dc780d4",
+ "comment" : "Relationship based on Maven POM file dependency information"
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "DYNAMIC_LINK",
+ "relatedSpdxElement" : "SPDXRef-4803a6220",
+ "comment" : "Relationship based on Maven POM file dependency information"
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "DYNAMIC_LINK",
+ "relatedSpdxElement" : "SPDXRef-5dc3e9070",
+ "comment" : "Relationship based on Maven POM file dependency information"
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "CONTAINS",
+ "relatedSpdxElement" : "SPDXRef-1d8d9e85"
+ }, {
+ "spdxElementId" : "SPDXRef--4b3779bf6",
+ "relationshipType" : "DYNAMIC_LINK",
+ "relatedSpdxElement" : "SPDXRef-520d5a260",
+ "comment" : "Relationship based on Maven POM file dependency information"
+ }, {
+ "spdxElementId" : "SPDXRef--18dc780d4",
+ "relationshipType" : "DYNAMIC_LINK",
+ "relatedSpdxElement" : "SPDXRef--4745193a5",
+ "comment" : "Relationship based on Maven POM file dependency information"
+ }, {
+ "spdxElementId" : "SPDXRef-1d8d9e85",
+ "relationshipType" : "GENERATES",
+ "relatedSpdxElement" : "SPDXRef--4b3779bf6",
+ "comment" : ""
+ }, {
+ "spdxElementId" : "SPDXRef-3c9ce5555",
+ "relationshipType" : "GENERATES",
+ "relatedSpdxElement" : "SPDXRef--4b3779bf6",
+ "comment" : ""
+ } ]
+}
\ No newline at end of file
Added: dev/commons/fileupload/2.0.0-M3-RC1/source/HEADER.html
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/source/HEADER.html (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/source/HEADER.html Thu May 8 21:59:51
2025
@@ -0,0 +1,31 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h2>Apache Commons Project Distributions</h2>
+
+<p>
+ The most recent source and binary releases for the Apache Commons project
are available from this
+ directory listing. For older releases, please use the
+ <a href="https://archive.apache.org/dist/commons/";>archives</a>.
+</p>
+
+<h2>Important Notices</h2>
+
+<ul>
+ <li><a href="#mirrors">Download from your nearest mirror site!</a></li>
+ <li><a href="#sig">PGP/GPG Signatures</a></li>
+</ul>
+
Added: dev/commons/fileupload/2.0.0-M3-RC1/source/README.html
==============================================================================
--- dev/commons/fileupload/2.0.0-M3-RC1/source/README.html (added)
+++ dev/commons/fileupload/2.0.0-M3-RC1/source/README.html Thu May 8 21:59:51
2025
@@ -0,0 +1,66 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h1>Commons-FILEUPLOAD v2.0.0-M3.</h1>
+
+<p>This is the 2.0.0-M3 version of commons-fileupload2-distribution. It is
available in both binary and source distributions.</p>
+
+
+<p><font color="red" size="+2">Note:</font>
+ The tar files in the distribution use GNU tar extensions
+ and must be untarred with a GNU compatible version of tar. The version
+ of tar on Solaris and Mac OS X will not work with these files</p>
+
+<a name="changes"><h2>Changes</h2></a>
+
+<p>The changes in this release are detailed in the release notes.</p>
+
+<p>Thank you for using <a
href="https://commons.apache.org/proper/commons-fileupload/commons-fileupload2-distribution/";>FILEUPLOAD</a>.</p>
+
+<p>From the Apache Commons Project<br><a
href="https://commons.apache.org/";>https://commons.apache.org/</a></p>
+
+<h2><a name="mirrors">Download from your
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>nearest mirror
site!</a></a></h2>
+
+<p>
+ Do not download from www.apache.org. Please use a mirror site
+ to help us save apache.org bandwidth.
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>Go
+ here to find your nearest mirror.</a>
+</p>
+
+<a name="sig"><h2>Signatures</h2></a>
+
+<p>Many of the files have been digitally signed using GnuPG. If so,
+ there will be an accompanying <samp><em>file</em>.asc</samp> signature
+ file in the same directory as the file (binaries/ or source/). The
+ signing keys can be found in the distribution directory at <<a
+
HREF="http://downloads.apache.org/commons/KEYS";><samp>http://downloads.apache.org/commons/KEYS</samp></a>>.</p>
+
+<p><b>Always download the KEYS file directly from the Apache site, never from
a mirror site.</b></p>
+
+
+<pre>Always test available signatures, <i>e.g.</i>,
+$ pgpk -a KEYS
+$ pgpv commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+or,
+$ pgp -ka KEYS
+$ pgp commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+or,
+$ gpg --import KEYS
+$ gpg --verify commons-fileupload2-distribution-2.0.0-M3-bin.tar.gz.asc
+</pre>
+<p>
\ No newline at end of file
Added:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz
==============================================================================
Binary file - no diff available.
Propchange:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.asc
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.asc
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.asc
Thu May 8 21:59:51 2025
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEELbTx7w+nYezE6pNchv3H4qESYssFAmgdKU4ACgkQhv3H4qES
+Ysuklgf/QzUMtE5EJumsU1BMM5Px4zdMk2iPDVUYDpv5mPzG2Pubg7tpKzBh3R0X
+pVEwyzSo4+uJKZpg07zh6aZWVTph+5POepKzIAKeTddy91UKs1hhUSIKWlZ33Isc
+dowA8bjm6Y9Qoitpl9PoT4Ceo0LvC/sw8j1eBC950D1qDKuyZdWX7C9vgin0dovh
+VJO/LyXINiLZDkQE8Co+2GmhDEjhp01BGBJcS/Ty1RsHAfusPb724NDbFybPTZKq
+MXSSCFKBY6AbRiR/9OG+FV6LbknbJ2XeH9bi2Wfbh/DkAsduQHn4oACjvQ/O4j1W
+o9grQZpVtNTK4+e6fAnY0Y39jBVvfA==
+=t2r9
+-----END PGP SIGNATURE-----
Added:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.sha512
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.sha512
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.tar.gz.sha512
Thu May 8 21:59:51 2025
@@ -0,0 +1 @@
+a64cd4d283ca0afa2351ee208de5617fe568e885ea764fd52037e91714a4a1f3ffbe10217a520d1d89722acf0a31576144b71a49c13bd10fe03689a7565a1a82
Added:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip
==============================================================================
Binary file - no diff available.
Propchange:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.asc
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.asc
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.asc
Thu May 8 21:59:51 2025
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEELbTx7w+nYezE6pNchv3H4qESYssFAmgdKU4ACgkQhv3H4qES
+YsuwjQf/StXNHWnmVecD4RVKQ8E+ioXgP/4++HoJ772LpKViueJNNwbW954gTk4u
+/nxOGytgqXzpn1SwI7KOGuWy2hCEQobd/zKcz3XCjLViyqE+cXCYJROzDx+4Gcdb
+oCfaxfWgVSX4quO/5cEtPirAYKznqKjDtazaPw3JAGaZh9WhtEz+58oFXPln55mO
+qpSXPFNVE5EEa0yiYIQGoDm6VEpTVXvP+/LjuDbXut3wUYmdb5Kiw5r6lFU5ji2w
+94JJp9J/t7hN/RqQ3kBTROaFjSk8KKLzJDQX7V1gINdOt7U3zMHsC2+2CIDqkiXI
+Tz5cNCp7Mpl8YyHsc/n/iq5qB45hxg==
+=Zcv4
+-----END PGP SIGNATURE-----
Added:
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.sha512
==============================================================================
---
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.sha512
(added)
+++
dev/commons/fileupload/2.0.0-M3-RC1/source/commons-fileupload2-2.0.0-M3-src.zip.sha512
Thu May 8 21:59:51 2025
@@ -0,0 +1 @@
+d9326c635bc316465e47a38a894635e192b069576a07163749bf2969f9096912ddc714264e3ecab05b4cee9d08ddbed3e27e76cf119684673a182aa291211c90
