Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Normal
Fix Version/s: 9.6.4
Affects Version/s: 10.0.0, 9.6.3
Component/s: None
Security Level: Jimmy
Labels:
- security

Safety specification requirements:
None

Steps to Reproduce

load ZK 9.6.3 jars

Current Result

commons fileupload 1.4 is loaded transitively by zk.jar

Expected Result

commons fileupload 1.5 (current latest security release) is loaded instead

Debug Information

https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-3326457

Workaround

Use maven dependency management or direct dependency declaration to load the latest commons fileupload dependency instead.

	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>commons-fileupload</groupId>
				<artifactId>commons-fileupload</artifactId>
				<version>1.5</version>
			</dependency>
		</dependencies>
	</dependencyManagement>

relates to

ZK-5393 Update ZK jars to jakarta-friendly uploads

Closed

Assignee:: DevChu
Reporter:: MDuchemin
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 13/Mar/23 9:48 AM
Updated:: 24/Oct/23 7:54 AM
Resolved:: 19/Apr/23 10:42 AM

Details

Description

Steps to Reproduce

Current Result

Expected Result

Debug Information

Workaround

Attachments

Issue Links

Activity

People

Dates