From issues-return-31279-apmail-struts-issues-archive=struts.apache.org@struts.apache.org Fri Nov 3 11:56:07 2017 Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8891017A16 for ; Fri, 3 Nov 2017 11:56:07 +0000 (UTC) Received: (qmail 75622 invoked by uid 500); 3 Nov 2017 11:56:02 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 75580 invoked by uid 500); 3 Nov 2017 11:56:02 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 75570 invoked by uid 99); 3 Nov 2017 11:56:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Nov 2017 11:56:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id A3C361807B0 for ; Fri, 3 Nov 2017 11:56:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id bpURabMI98pM for ; Fri, 3 Nov 2017 11:56:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id DDF6C5FD8B for ; Fri, 3 Nov 2017 11:56:00 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 76DF6E095C for ; Fri, 3 Nov 2017 11:56:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 377D22419F for ; Fri, 3 Nov 2017 11:56:00 +0000 (UTC) Date: Fri, 3 Nov 2017 11:56:00 +0000 (UTC) From: "Lukasz Lenart (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (STR-3223) We are hit with CVE-2014-0050 for file Commons FileUpload 1.1.1 and same is fixed with version Commons FileUpload 1.3.1. But we would like to use Commons FileUpload 1.3.3 which is latest one with struts 1.0. Is that possible or recommend way to use. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/STR-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16237498#comment-16237498 ] Lukasz Lenart commented on STR-3223: ------------------------------------ Struts 1 isn't supported anymore https://struts.apache.org/struts1eol-announcement.html > We are hit with CVE-2014-0050 for file Commons FileUpload 1.1.1 and same is fixed with version Commons FileUpload 1.3.1. But we would like to use Commons FileUpload 1.3.3 which is latest one with struts 1.0. Is that possible or recommend way to use. > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: STR-3223 > URL: https://issues.apache.org/jira/browse/STR-3223 > Project: Struts 1 > Issue Type: Bug > Reporter: Bhanu Prathap > Priority: Critical > -- This message was sent by Atlassian JIRA (v6.4.14#64029)