[ https://issues.apache.org/jira/browse/SOLR-14905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno Roustant resolved SOLR-14905.
-----------------------------------
    Fix Version/s: 8.7
       Resolution: Fixed

Thanks [~nazerke], this is in.

> Update commons-io version to 2.8.0 due to security vulnerability
> ----------------------------------------------------------------
>
>                 Key: SOLR-14905
>                 URL: https://issues.apache.org/jira/browse/SOLR-14905
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: security
>    Affects Versions: 8.6.2
>            Reporter: Nazerke Seidan
>            Priority: Minor
>             Fix For: 8.7
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The
> {{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the
> hostname value received from user input before processing client requests.
> The issue has been fixed in 2.7 onward:
> (https://issues.apache.org/jira/browse/IO-556,
> https://issues.apache.org/jira/browse/IO-559)

--
This message was sent by Atlassian Jira
(v8.3.4#803005)