Type: New Feature
Affects Version/s: 8.0.0, 18.104.22.168
Fix Version/s: None
during our internal review we descovered that the pom.xml in "zcommon" package has a reference to commons-fileupload 1.2.2, which is affected by CVE-2014-0050:
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Please update to commons-fileupload 1.3.1 or later.
Thanks & Bye,