Move the security issue to the top of the change log
git-svn-id: https://svn.apache.org/repos/asf/commons/proper/fileupload/trunk@1565211 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index e97db49..83cf12d 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -44,6 +44,13 @@
<body>
<release version="1.3.1" description="maintenance release" date="TBD">
+ <action dev="markt" type="fix">
+ SECURITY - CVE-2014-0050. Specially crafted input can trigger a DoS if the
+ buffer used by the MultipartStream is not big enough. When constructing
+ MultipartStream enforce the requirements for buffer size by throwing an
+ IllegalArgumentException if the requested buffer size is too small. This
+ prevents the DoS.
+ </action>
<action dev="markt" type="fix" due-to="Arun Babu Neelicattu" due-to-email="abn@redhat.com">
When deserializing DiskFileItems ensure that the repository location, if
any, is a valid one.
@@ -51,13 +58,6 @@
<action dev="markt" type="fix">
Correct example in usage documentation so it compiles.
</action>
- <action dev="markt" type="fix">
- Fix CVE-2014-0050. Specially crafted input can trigger a DoS if the
- buffer used by the MultipartStream is not big enough. When constructing
- MultipartStream enforce the requirements for buffer size by throwing an
- IllegalArgumentException if the requested buffer size is too small. This
- prevents the DoS.
- </action>
</release>
<release version="1.3" description="maintenance release, JDK1.5 update" date="2013-03-27">