[KARAF-7737] Stepup to use latest commons-fileupload - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 4.4.3
Fix Version/s: 4.4.3, 4.3.10
Component/s: karaf
Labels:
- security

Description

We use latest Apache Karaf runtime 4.4.3. Our security scanners flag CVE-2023-24988 on this because the karaf.webconsole https://mvnrepository.com/artifact/org.apache.karaf.webconsole/org.apache.karaf.webconsole.console/4.4.3 uses vulnerable commons-fileupload 1.4

There is new version of this fileupload which is clear from the CVE. So please stepup to the newer version in the upcoming Karaf release.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Karthick

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Aug/23 05:37

Updated:: 28/Aug/23 11:49

Resolved:: 28/Aug/23 06:09