[ https://issues.apache.org/jira/browse/SOLR-14905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205454#comment-17205454 ]
David Smiley commented on SOLR-14905:
-------------------------------------

I was looking forward to seeing Nazerke as the "author" of this commit... :-/. Anyway, CHANGES.txt is proper. Thanks Nazerke! (and Bruno for helping)

> Update commons-io version to 2.8.0 due to security vulnerability
> ----------------------------------------------------------------
>
> Key: SOLR-14905
> URL: https://issues.apache.org/jira/browse/SOLR-14905
> Project: Solr
> Issue Type: Improvement
> Security Level: Public (Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 8.6.2
> Reporter: Nazerke Seidan
> Priority: Minor
> Fix For: 8.7
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The
> {{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the
> hostname value received from user input before processing client requests.
> The issue has been fixed in 2.7 onward:
> (https://issues.apache.org/jira/browse/IO-556,
> https://issues.apache.org/jira/browse/IO-559)