ZK-5419

Security upgrade commons fileupload

    • Type: Bug
    • Resolution: Fixed
    • Priority: Normal
    • 9.6.4
    • 10.0.0, 9.6.3
    • None
    • Security Level: Jimmy

      Steps to Reproduce

      load ZK 9.6.3 jars

      Current Result

      commons fileupload 1.4 is loaded transitively by zk.jar

      Expected Result

      commons fileupload 1.5 (current latest security release) is loaded instead

      Debug Information

      https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-3326457

       

      Workaround

      Use Maven dependency management or a direct dependency declaration to load the latest commons-fileupload dependency instead.

      	<dependencyManagement>
      		<dependencies>
      			<dependency>
      				<groupId>commons-fileupload</groupId>
      				<artifactId>commons-fileupload</artifactId>
      				<version>1.5</version>
      			</dependency>
      		</dependencies>
      	</dependencyManagement>
      

       

            DevChu
            MDuchemin