commit d3f5af3b8c9f95e2089123cad0c82223a33ab592
author Mark Thomas <markt@apache.org> Thu Feb 06 12:45:29 2014 +0000
committer Mark Thomas <markt@apache.org> Thu Feb 06 12:45:29 2014 +0000
tree bd8adfb8861764cc63575b7a92fb8781defc04a2
parent 09f1651a980b83a152913883898915cd01fa1e13

Move the security issue to the top of the change log

git-svn-id: https://svn.apache.org/repos/asf/commons/proper/fileupload/trunk@1565211 13f79535-47bb-0310-9956-ffa450edef68

src/changes/changes.xml

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index e97db49..83cf12d 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -44,6 +44,13 @@
 
   <body>
     <release version="1.3.1" description="maintenance release" date="TBD">
+      <action dev="markt" type="fix">
+        SECURITY - CVE-2014-0050. Specially crafted input can trigger a DoS if the
+        buffer used by the MultipartStream is not big enough. When constructing
+        MultipartStream enforce the requirements for buffer size by throwing an
+        IllegalArgumentException if the requested buffer size is too small. This
+        prevents the DoS. 
+      </action>
       <action dev="markt" type="fix" due-to="Arun Babu Neelicattu" due-to-email="abn@redhat.com">
         When deserializing DiskFileItems ensure that the repository location, if
         any, is a valid one.
@@ -51,13 +58,6 @@
       <action dev="markt" type="fix">
         Correct example in usage documentation so it compiles.
       </action>
-      <action dev="markt" type="fix">
-        Fix CVE-2014-0050. Specially crafted input can trigger a DoS if the
-        buffer used by the MultipartStream is not big enough. When constructing
-        MultipartStream enforce the requirements for buffer size by throwing an
-        IllegalArgumentException if the requested buffer size is too small. This
-        prevents the DoS. 
-      </action>
     </release>
     
     <release version="1.3" description="maintenance release, JDK1.5 update" date="2013-03-27">