Re: (commons-fileupload) branch release-1.x updated: Add information for CVE-2025-48976

Mon, 16 Jun 2025 07:31:57 -0700 

Yes, I think I did. I'll fix that.

Mark

On 16/06/2025 15:05, Gary Gregory wrote:

Hi Mark,

You probably meant to update the 1.x branch as the branches names "release"
get merged into in order the create releases.

Gary

On Mon, Jun 16, 2025, 08:32 <ma...@apache.org> wrote:


This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch release-1.x
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git


The following commit(s) were added to refs/heads/release-1.x by this push:
      new 91f09c1a Add information for CVE-2025-48976
91f09c1a is described below

commit 91f09c1ae3432051b6d94ab0ec3f0becf3de08ea
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jun 16 13:30:14 2025 +0100

     Add information for CVE-2025-48976
---
  RELEASE-NOTES.txt       | 2 +-
  src/changes/changes.xml | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index ea0b8f33..86215889 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -28,7 +28,7 @@ Changes in this version include:
  New features:
  o                  [1.x] Enable multipart/related on FileUpload #314.
Thanks to mufasa1976, Jochen Wiedmann, Gary Gregory.
  o                  Add JApiCmp to the default Maven goal. Thanks to Gary
Gregory.
-o                  Add partHeaderSizeMax, a new limit that sets a maximum
number of bytes for each individual multipart header. The default is 512
bytes. Thanks to Mark Thomas.
+o                  SECURITY - CVE-2025-48976. Add partHeaderSizeMax, a
new limit that sets a maximum number of bytes for each individual multipart
header. The default is 512 bytes. Thanks to Mark Thomas.

  Fixed Bugs:
  o                  Replace use of Locale.ENGLISH with Locale.ROOT. Thanks
to Gary Gregory.
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 2134d877..e71e9097 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -46,7 +46,7 @@ The <action> type attribute can be add,update,fix,remove.
        <!-- ADD -->
        <action type="add" dev="ggregory" due-to="mufasa1976, Jochen
Wiedmann, Gary Gregory">[1.x] Enable multipart/related on FileUpload
#314.</action>
        <action type="add" dev="ggregory" due-to="Gary Gregory">Add JApiCmp
to the default Maven goal.</action>
-      <action type="add" dev="markt"    due-to="Mark Thomas">Add
partHeaderSizeMax, a new limit that sets a maximum number of bytes for each
individual multipart header. The default is 512 bytes.</action>
+      <action type="add" dev="markt"    due-to="Mark Thomas">SECURITY -
CVE-2025-48976. Add partHeaderSizeMax, a new limit that sets a maximum
number of bytes for each individual multipart header. The default is 512
bytes.</action>
        <!-- FIX -->
        <action type="fix" dev="ggregory" due-to="Gary Gregory">Replace use
of Locale.ENGLISH with Locale.ROOT.</action>
        <action type="fix" dev="ggregory" due-to="Gary Gregory">Remove
unused exception from FileUploadBase.createItem(Map, boolean).</action>







---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Reply via email to