  1. ZK
  2. ZK-5419

Security upgrade commons fileupload


Details

    • Bug
    • Resolution: Fixed
    • Normal
    • 9.6.4
    • 10.0.0, 9.6.3
    • None
    • Security Level: Jimmy

    Description

      Steps to Reproduce

      load ZK 9.6.3 jars

      Current Result

      commons fileupload 1.4 is loaded transitively by zk.jar

      Expected Result

      commons fileupload 1.5 (current latest security release) is loaded instead

      Debug Information

      https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-3326457

       

      Workaround

      Use Maven dependency management or a direct dependency declaration to load the latest commons-fileupload dependency instead.

      	<dependencyManagement>
      		<dependencies>
      			<dependency>
      				<groupId>commons-fileupload</groupId>
      				<artifactId>commons-fileupload</artifactId>
      				<version>1.5</version>
      			</dependency>
      		</dependencies>
      	</dependencyManagement>
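
To confirm the override took effect, the check below parses `mvn dependency:tree` output and reports every commons-fileupload entry older than 1.5 together with the dependency path that pulled it in. It is an added example, not part of the original report or of ZK; the sample tree and the `com.example` coordinates are constructed.

```python
import re

ARTIFACT = "commons-fileupload"   # groupId and artifactId are identical
MIN_VERSION = (1, 5)              # security release named in this issue

# Matches one node of `mvn dependency:tree`, e.g.
# "[INFO] |  +- commons-fileupload:commons-fileupload:jar:1.4:compile"
TREE_LINE = re.compile(
    r"^\[INFO\] (?P<prefix>(?:[| ] {2})*(?:[+\\]- )?)"
    r"(?P<coords>[\w.\-]+(?::[\w.\-]+){3,5})"
)

def version_key(version):
    """Leading numeric part as a tuple; unparseable versions sort lowest."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def find_outdated_fileupload(tree_output, minimum=MIN_VERSION):
    """Return (version, dependency path) for each commons-fileupload below minimum."""
    findings, path = [], []
    for line in tree_output.splitlines():
        m = TREE_LINE.match(line)
        if not m:
            continue                          # banner, summary or blank line
        depth = len(m.group("prefix")) // 3   # each tree level is 3 characters wide
        parts = m.group("coords").split(":")
        del path[depth:]                      # drop siblings and deeper nodes
        path.append(f"{parts[0]}:{parts[1]}")
        if parts[0] != ARTIFACT or parts[1] != ARTIFACT:
            continue
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[4] if len(parts) == 6 else parts[3]
        if version_key(version) < minimum:
            findings.append((version, " -> ".join(path)))
    return findings

# Constructed sample output (com.example coordinates are placeholders).
SAMPLE_TREE = r"""
[INFO] --- dependency:tree ---
[INFO] com.example:demo-app:war:1.0.0
[INFO] +- org.zkoss.zk:zk:jar:9.6.3:compile
[INFO] |  \- commons-fileupload:commons-fileupload:jar:1.4:compile
[INFO] \- com.example:other-lib:jar:2.0.0:compile
"""

if __name__ == "__main__":
    for version, path in find_outdated_fileupload(SAMPLE_TREE):
        print(f"commons-fileupload {version} resolved via {path}")
```

An empty result after adding the `dependencyManagement` entry means no module in the build still resolves a version below 1.5.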
      

       


            People

              DevChu DevChu
              MDuchemin MDuchemin