Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.


Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Julian Reschke
...
> The Apache Commons FileUpload library parses HTTP requests which conform to RFC
> 1867, "Form-based File Upload in HTML." That is, if an HTTP request is
> submitted using the POST method, and with a content type of
> "multipart/form-data," then FileUpload can parse that request, and make the
> results available in a manner easily used by the caller.
...

FWIW, the definition has been updated (at least) twice since. The current
specification is https://tools.ietf.org/html/rfc7578.

Best regards, Julian

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Bruno P. Kinoshita-3
A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.

Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:

Cheers

Bruno

[1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
[2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java
[3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232


ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty
________________________________
From: Rob Tompkins <[hidden email]>
To: [hidden email]; Commons Developers List <[hidden email]>; Commons Users List <[hidden email]>
Sent: Thursday, 15 June 2017 12:56 AM
Subject: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.



The Apache Commons Team is pleased to announce the release of Apache Commons
FileUpload 1.3.3.

The Apache Commons FileUpload library parses HTTP requests which conform to RFC
1867, "Form-based File Upload in HTML." That is, if an HTTP request is
submitted using the POST method, and with a content type of
"multipart/form-data," then FileUpload can parse that request, and make the
results available in a manner easily used by the caller.

The only change in this release is a fix for, "FILEUPLOAD-279: DiskFileItem can
no longer be deserialized, unless a particular system property is set," a fix
for the purposes of security.

Source and binary distributions are available for download from the Apache
Commons download site:

  http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi

When downloading, please verify signatures using the KEYS file available at the
above location when downloading the release.

Alternatively the release can be pulled via maven:

  <groupId>commons-fileupload</groupId>
  <artifactId>commons-fileupload</artifactId>
  <version>1.3.3</version>

The release notes can be reviewed at:

  http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt

For complete information on Commons FileUpload, including instructions on how
to submit bug reports, patches, or suggestions for improvement, see the Apache
Commons FileUpload website:

http://commons.apache.org/proper/commons-fileupload/

Best regards,

Rob Tompkins

on behalf of the Apache Commons community


Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Rob Tompkins

> On Jun 15, 2017, at 6:08 AM, Bruno P. Kinoshita <[hidden email]> wrote:
>
> A trivial issue, but I found that going to the Xref report link it works fine [1]. However, if you go to the Checkstyle report [2], and then click on any of the links to line numbers (e.g. [3]) you get a 404.
>
> Had a quick look if there was some configuration in the maven plug-in that could help (with the help of Eclipse auto complete), or if I could find someone with similar issue (mainly google + stack overflow), but no obvious solution. Commons Cli was released recently too, and the xref links in Checkstyle are working fine. Will try to compare the configurations tomorrow, but happy if anyone beats me to it (-:
>
> Cheers
>
> Bruno
>
> [1] https://commons.apache.org/proper/commons-fileupload/xref/index.html
> [2] https://commons.apache.org/proper/commons-fileupload/checkstyle.html#src.main.java.org.apache.commons.fileupload.MultipartStream.java
> [3] https://commons.apache.org/proper/commons-fileupload/xref/src/main/java/org/apache/commons/fileupload/MultipartStream.html#232
>
>
> ps: if someone recreates the site from master branch, I fixed the issues, so the report will be - hopefully - empty

Fixed, and added site deployment from the build.

-Rob


Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Bruno P. Kinoshita-3
Thanks Rob!

Bruno


Re: [ANNOUNCE] Apache Commons FileUpload 1.3.3 released.

Dennis Kieselhorst
In reply to this post by Julian Reschke
Hi,

can you trigger an update of the pattern on https://nvd.nist.gov/vuln/detail/CVE-2016-1000031 somehow? Currently OWASP dependency check still considers 1.3.3 as insecure.

Cheers
Dennis
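
The fix discussed in this thread (FILEUPLOAD-279) makes deserialization of one class opt-in through a system property. The sketch below is an added example, not code from the thread or from Commons FileUpload; the `UploadItem` class and the `demo.UploadItem.serializable` property name are hypothetical stand-ins used to show the pattern.

```java
import java.io.*;

public class GatedDeserializationDemo {
    // Hypothetical property name for this demo; not the library's own property.
    static final String ALLOW_PROP = "demo.UploadItem.serializable";

    // Hypothetical stand-in for a file-backed upload item.
    static class UploadItem implements Serializable {
        private static final long serialVersionUID = 1L;
        final String repositoryPath;

        UploadItem(String repositoryPath) { this.repositoryPath = repositoryPath; }

        // ObjectInputStream calls this hook before restoring any field, so the
        // check runs before data from an untrusted stream reaches the object.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            if (!Boolean.getBoolean(ALLOW_PROP)) {
                throw new InvalidObjectException(
                    "deserialization disabled; set -D" + ALLOW_PROP + "=true to allow");
            }
            in.defaultReadObject();
        }
    }

    // Serializes the item in memory, then tries to read it back.
    static String roundTrip(UploadItem item) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(item);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return "RESTORED: " + ((UploadItem) in.readObject()).repositoryPath;
        } catch (InvalidObjectException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        UploadItem item = new UploadItem("/tmp/upload_0001.tmp"); // constructed sample value
        System.clearProperty(ALLOW_PROP);        // property unset: the safe default
        System.out.println(roundTrip(item));
        System.setProperty(ALLOW_PROP, "true");  // explicit operator opt-in
        System.out.println(roundTrip(item));
    }
}
```

Writing the object is unaffected; only reading it back is refused until the property is set, which is why applications that never deserialize such objects need no configuration change.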
