[ https://issues.apache.org/jira/browse/SOLR-14905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205394#comment-17205394 ]
ASF subversion and git services commented on SOLR-14905:
--------------------------------------------------------

Commit db4bc94480a4a122dae031619cffeef8b9b1aa8f in lucene-solr's branch refs/heads/branch_8x from Bruno Roustant
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=db4bc94 ]

SOLR-14905: Upgrade commons-io version to 2.8.0.

Closes #1935

> Update commons-io version to 2.8.0 due to security vulnerability
> ----------------------------------------------------------------
>
>                 Key: SOLR-14905
>                 URL: https://issues.apache.org/jira/browse/SOLR-14905
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: security
>    Affects Versions: 8.6.2
>            Reporter: Nazerke Seidan
>            Priority: Minor
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The
> {{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the
> hostname value received from user input before processing client requests.
> The issue has been fixed in 2.7 onward:
> (https://issues.apache.org/jira/browse/IO-556,
> https://issues.apache.org/jira/browse/IO-559)

--
This message was sent by Atlassian Jira
(v8.3.4#803005)