(commons-fileupload) branch release-1.x updated: Add information for CVE-2025-48976

Mon, 16 Jun 2025 05:30:58 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch release-1.x
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git


The following commit(s) were added to refs/heads/release-1.x by this push:
     new 91f09c1a Add information for CVE-2025-48976
91f09c1a is described below

commit 91f09c1ae3432051b6d94ab0ec3f0becf3de08ea
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jun 16 13:30:14 2025 +0100

    Add information for CVE-2025-48976
---
 RELEASE-NOTES.txt       | 2 +-
 src/changes/changes.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index ea0b8f33..86215889 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -28,7 +28,7 @@ Changes in this version include:
 New features:
 o                  [1.x] Enable multipart/related on FileUpload #314. Thanks 
to mufasa1976, Jochen Wiedmann, Gary Gregory.
 o                  Add JApiCmp to the default Maven goal. Thanks to Gary 
Gregory.
-o                  Add partHeaderSizeMax, a new limit that sets a maximum 
number of bytes for each individual multipart header. The default is 512 bytes. 
Thanks to Mark Thomas.
+o                  SECURITY - CVE-2025-48976. Add partHeaderSizeMax, a new 
limit that sets a maximum number of bytes for each individual multipart header. 
The default is 512 bytes. Thanks to Mark Thomas.
 
 Fixed Bugs:
 o                  Replace use of Locale.ENGLISH with Locale.ROOT. Thanks to 
Gary Gregory.
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 2134d877..e71e9097 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -46,7 +46,7 @@ The <action> type attribute can be add,update,fix,remove.
       <!-- ADD -->
       <action type="add" dev="ggregory" due-to="mufasa1976, Jochen Wiedmann, 
Gary Gregory">[1.x] Enable multipart/related on FileUpload #314.</action>
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add JApiCmp to 
the default Maven goal.</action>
-      <action type="add" dev="markt"    due-to="Mark Thomas">Add 
partHeaderSizeMax, a new limit that sets a maximum number of bytes for each 
individual multipart header. The default is 512 bytes.</action>
+      <action type="add" dev="markt"    due-to="Mark Thomas">SECURITY - 
CVE-2025-48976. Add partHeaderSizeMax, a new limit that sets a maximum number 
of bytes for each individual multipart header. The default is 512 
bytes.</action>
       <!-- FIX -->
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Replace use of 
Locale.ENGLISH with Locale.ROOT.</action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Remove unused 
exception from FileUploadBase.createItem(Map, boolean).</action>

Reply via email to