| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| The Apache Commons FileUpload team is pleased to announce the Apache Commons |
| FileUpload 1.3.1 release! |
| |
| The Apache Commons FileUpload component provides a simple yet flexible means of |
| adding support for multipart file upload functionality to servlets and web |
| applications. |
| |
| No client code changes are required to migrate from version 1.3.0 to 1.3.1. |
| |
| |
| Changes in version 1.3.1 include: |
| |
| Fixed Bugs: |
| o SECURITY - CVE-2014-0050. Specially crafted input can trigger a DoS if the |
| buffer used by the MultipartStream is not big enough. When constructing |
| MultipartStream enforce the requirements for buffer size by throwing an |
| IllegalArgumentException if the requested buffer size is too small. This |
| prevents the DoS. |
| o When deserializing DiskFileItems ensure that the repository location, if |
| any, is a valid one. Thanks to Arun Babu Neelicattu. |
| o Correct example in usage documentation so it compiles. |
| |
| |
| |
| Have fun! |
| -Apache Commons FileUpload team |
| |