This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git
The following commit(s) were added to refs/heads/master by this push:
new e592747c Fix description for "Fixed in Apache Commons FileUpload 1.6.0"
e592747c is described below
commit e592747cbad144114abdced8f459aa5de2727d5e
Author: Gary D. Gregory <garydgreg...@gmail.com>
AuthorDate: Mon Jun 16 10:37:46 2025 -0400
Fix description for "Fixed in Apache Commons FileUpload 1.6.0"
---
src/site/xdoc/security.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/site/xdoc/security.xml b/src/site/xdoc/security.xml
index 2ec95cfd..3935729b 100644
--- a/src/site/xdoc/security.xml
+++ b/src/site/xdoc/security.xml
@@ -80,7 +80,7 @@
<p><b>Important: Denial of Service</b> <a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976";>CVE-2025-48976</a></p>
- <p>Apache Commons FileUpload 2.x before 2.0.0-M4 provides a
hard-coded
+ <p>Apache Commons FileUpload 1.x before 1.6.0 provides a hard-coded
limit of 10kB for the size of the headers associated with a multipart
request. A specially crafted request that used a large number of
parts
with large headers could trigger excessive memory usage on the server
