File apache-commons-fileupload.changes of Package apache-commons-fileupload
-------------------------------------------------------------------
Tue Jun 17 16:04:25 UTC 2025 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 1.6.0
* Fixes bsc#1244657, CVE-2025-48976
* New features:
+ [1.x] Enable multipart/related on FileUpload #314.
+ Add JApiCmp to the default Maven goal.
+ Add partHeaderSizeMax, a new limit that sets a maximum number
of bytes for each individual multipart header. The default is
512 bytes.
* Fixed Bugs:
+ Replace use of Locale.ENGLISH with Locale.ROOT.
+ Remove unused exception from FileUploadBase.createItem(Map,
boolean).
+ Migrate from deprecated API in DiskFileItem.getOutputStream().
+ Use try-with-resources.
+ Port to Java 1.4 Throwable APIs (!).
+ Remove -nouses directive from maven-bundle-plugin. OSGi
package imports now state 'uses' definitions for package
imports, this doesn't affect JPMS (from
org.apache.commons:commons-parent:80).
+ DiskFileItem.getInputStream() now uses NIO.
+ Last statement in DiskFileItem.finalize() method should be a
call to super.finalize().
+ org.apache.commons.fileupload.FileUploadBase
.FileUploadIOException is now a proper Java 1.4-style
exception (propagates its cause to super).
+ Use java.util.Base64 instead of custom code.
* Changes:
+ Bump Java from 6 to 8.
+ Bump org.apache.commons:commons-parent from 62 to 84, upgrades
Doxia from 1 to 2.
+ Bump commons-io from 2.11.0 to 2.19.0.
+ Bump javax.servlet:servlet-api from 2.4 to 2.5.
+ Bump JUnit from junit:junit:4.13.2
org.junit.vintage:junit-vintage-engine from parent POM.
-------------------------------------------------------------------
Wed Oct 2 15:31:16 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Spec file cleanup
-------------------------------------------------------------------
Tue May 23 04:40:49 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 1.5
* New features:
+ Add a configurable limit (disabled by default) for the number
of files to upload per request (bsc#1208513, CVE-2023-24998).
The new configuration option (FileUploadBase#setFileCountMax)
is not enabled by default and must be explicitly configured.
* Fixed Bugs:
+ FILEUPLOAD-293: DiskFileItem.write(File) had been changed to
use FileUtils.moveFile internally, preventing an existing file
as the target.
+ Improve parsing speed.
* Changes:
+ Bump Commons IO to 2.11.0
+ FILEUPLOAD-328 Switch from Cobertura code coverage to Jacoco
code coverage.
+ Bump JUnit to 4.13.2
-------------------------------------------------------------------
Wed Mar 23 23:05:42 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Build with java source and target levels 8
-------------------------------------------------------------------
Mon Apr 8 08:21:30 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Rename to apache-commons-fileupload and upgrade to version 1.4
- Generate and customize ant build.xml file
-------------------------------------------------------------------
Fri Dec 7 06:28:14 UTC 2018 - Fridrich Strba <fstrba@suse.com>
- Build against xml-commons-apis instead of xerces-j2-xml-apis
-------------------------------------------------------------------
Mon Sep 18 11:22:00 UTC 2017 - fstrba@suse.com
- Fix build with jdk9: specify java source and target 1.6
- Clean spec file and fix rpmlint warnings
-------------------------------------------------------------------
Tue Jul 8 09:18:04 UTC 2014 - tchvatal@suse.com
- Not needed condition.
-------------------------------------------------------------------
Tue Jul 8 09:16:56 UTC 2014 - tchvatal@suse.com
- Cleanup with spec-cleaner and fix build on sle11 properly.
-------------------------------------------------------------------
Fri Jun 27 12:58:58 UTC 2014 - jmatejek@suse.com
- added Xerces xml-apis to dependencies to fix build
-------------------------------------------------------------------
Thu May 15 15:18:30 UTC 2014 - darin@darins.net
- disable bytecode check on sle_11
- remove removal of buildroot in %install
-------------------------------------------------------------------
Wed Apr 2 13:16:52 UTC 2014 - tchvatal@suse.com
- Fix bnc#862781/CVE-2014-0050: buffer overflow
http://svn.apache.org/viewvc?view=revision&revision=1565143
* jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch
-------------------------------------------------------------------
Fri Oct 18 11:50:53 UTC 2013 - mvyskocil@suse.com
- remove gcj part and deprecated macros
-------------------------------------------------------------------
Thu Oct 17 08:32:35 UTC 2013 - mvyskocil@suse.com
- fix bnc#846174/CVE-2013-2186: null byte injection flaw
http://svn.apache.org/viewvc?view=revision&revision=1507048
* jakarta-commons-fileupload-CVE-2013-2186.patch
-------------------------------------------------------------------
Mon Sep 9 11:05:47 UTC 2013 - tchvatal@suse.com
- Move from jpackage-utils to javapackage-tools
-------------------------------------------------------------------
Thu Mar 13 16:23:38 CET 2008 - mvyskocil@suse.cz
- merged with jpackage 1.7
- update to 1.1.1
-------------------------------------------------------------------
Fri Sep 22 14:09:58 CEST 2006 - skh@suse.de
- don't use icecream
- use target="1.4" for build with java 1.5
-------------------------------------------------------------------
Wed Jan 25 21:46:37 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Oct 18 11:46:47 CEST 2005 - jsmeix@suse.de
- Current version 1.0 from JPackage.org
-------------------------------------------------------------------
Thu Sep 29 00:13:02 CEST 2005 - dmueller@suse.de
- add norootforbuild
-------------------------------------------------------------------
Fri Sep 17 01:33:21 CEST 2004 - skh@suse.de
- Fix prerequires of javadoc subpackage
-------------------------------------------------------------------
Sun Sep 5 22:42:53 CEST 2004 - skh@suse.de
- Initial package created with version 1.0 (JPackage 1.5)
