tapestry-5 icon indicating copy to clipboard operation
tapestry-5 copied to clipboard

Published 20 hours ago verified publisher icon apache

update commons-fileupload to 1.3.3

Open based2 opened this issue 6 years ago • 1 comments

http://mvnrepository.com/artifact/commons-fileupload/commons-fileupload

based2 avatar Apr 28 '18 08:04 based2

Version 1.3.3 was the latest when this PR was created, however, as of today, version 1.5 is the current release.

Upgrading to version 1.5 includes fixes for CVE-2023-24998 and CVE-2016-3092, and hence appears a reasonable.

Attention must be paid to the fact that version 1.5 had a dependency on commons-io version 2.11.0 whereas Tapestry currently depends on version 2.4. Maybe Tapestry can just go to 2.11.0 (or even 2.13.0 which is the latest version as of today), but that should be analyzed and tested first.

vjlamp avatar Jun 28 '23 21:06 vjlamp