[opencms-dev] CVE-2014-0050 Apache Commons FileUpload

[Schliemann, Kai]

Hi list,
we checked the ADE Upload on OpenCms 9.0.1 with commons-fileupload version 1.3.1 with no problems.
We uploaded some files and got no error.

HTH

Best regards
________________________________________

Kai Schliemann
Dipl.-Wirtschaftsingenieur (FH)
Senior IT-Berater Softwareentwicklung

comundus GmbH
Schüttelgrabenring 3, D-71332 Waiblingen
Zentrale      +49 7151-94421-10
Durchwahl  +49 7151-94421-20
Fax             +49 7151-94421-39
E-Mail k.schliemann at comundus.com<mailto:k.schliemann at comundus.com>
Internet www.comundus.com<http://www.comundus.com/>

Geschäftsführer Klaus Hillemeier
Amtsgericht Stuttgart, HRB 264290

comundus ist ein Unternehmen der IT EXCELLENCE Group
________________________________________

[facebook]<http://www.facebook.com/pages/Comundus-GmbH/163398933697079?v=wall> comundus bei Facebook



Von: opencms-dev-bounces at opencms.org [mailto:opencms-dev-bounces at opencms.org] Im Auftrag von Christian Zunker
Gesendet: Donnerstag, 13. Februar 2014 10:49
An: opencms-dev at opencms.org
Betreff: [opencms-dev] CVE-2014-0050 Apache Commons FileUpload

Hi everyone,

I've received an email from Apache concerning this security bug in commons-fileupload:
http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E

We are hosting an OpenCMS installation with a vulnerable version of commons-fileupload.
Is it possible to just take the newest version of commons-fileupload or will there be a maintenance release of OpenCMS?

regards
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20140213/a6877b2b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 725 bytes
Desc: image001.jpg
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20140213/a6877b2b/attachment.jpg>