twitter / finatra

Fast, testable, Scala services built on TwitterServer and Finagle
https://twitter.github.io/finatra/
Apache License 2.0

finatra: Fix Commons FileUpload vulnerability #497

Closed kittsville closed 5 years ago

kittsville commented 5 years ago

Problem

Commons FileUpload 1.3.1 has a high-severity vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-3092

Solution

Update Commons FileUpload to a version not vulnerable

CLAassistant commented 5 years ago

CLA assistant check
All committers have signed the CLA.

codecov[bot] commented 5 years ago

Codecov Report

Merging #497 into develop will not change coverage. The diff coverage is n/a.


@@           Coverage Diff            @@
##           develop     #497   +/-   ##
========================================
  Coverage    92.49%   92.49%           
========================================
  Files          244      244           
  Lines         3890     3890           
  Branches       288      294    +6     
========================================
  Hits          3598     3598           
  Misses         292      292

Continue to review full report at Codecov.


ryanoneill commented 5 years ago

@kittsville, thanks for opening these. With the way Twitter's monorepo works though, we need to ensure that we can upgrade the entire company at one time, which generally requires more internal work. I or another team member will be looking at these more closely sometime this week.

cacoco commented 5 years ago

@kittsville merged in d5d3273729d526e610f9f3c7f8c2bce976d971dc. Thanks!