[jira] [Commented] (SOLR-14905) Update commons-io version to 2.8.0 due to security vulnerability

Bruno Roustant (Jira) Wed, 30 Sep 2020 06:09:04 -0700


    [ 
https://issues.apache.org/jira/browse/SOLR-14905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204715#comment-17204715
 ]


Bruno Roustant commented on SOLR-14905:
---------------------------------------

Thanks Nazerke. I'm testing your PR on my side also.

> Update commons-io version to 2.8.0 due to security vulnerability
> ----------------------------------------------------------------
>
>                 Key: SOLR-14905
>                 URL: https://issues.apache.org/jira/browse/SOLR-14905
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 8.6.2
>            Reporter: Nazerke Seidan
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The 
> {{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the 
> hostname value received from user input before processing client requests.
> The issue has been fixed in 2.7 onward:
> (https://issues.apache.org/jira/browse/IO-556, 
> https://issues.apache.org/jira/browse/IO-559) 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

[jira] [Commented] (SOLR-14905) Update commons-io version to 2.8.0 due to security vulnerability

Reply via email to