To whom it may concern, On 3/15/18 8:40 AM, padmanabhan1616 wrote: > Hi Team,We are using Apache SOLR-5.2.1 as index engine for our data analytics > application. As part of this SOLR uses commons-fileupload-1.2.1.jar for file > manipulation.There is security Vulnerability identified in > commons-fileupload library: *CVE-2016-1000031 Apache Commons FileUpload: > DiskFileItem file manipulation*As per official notice from apache software > foundations this issue has been addressed in commons-fileupload-1.3.3.jar > and available for all the dependency vendors.*Is this good toupgrade > commons-fileupload from 1.2.1 to 1.3.3 version directly?* Please suggest us > best way to handle this. Note - *Currently we don't have any requirements > to upgrade solr, So please suggest best way to handle this vulnarability > without upgrade entire SOLR.*Thanks,Padmanabhan
Have you read the changelog?[1] -chris [1] https://commons.apache.org/proper/commons-fileupload/changes-report.html
signature.asc
Description: OpenPGP digital signature
