------------------------------------------------------------------- Tue Jun 17 16:04:25 UTC 2025 - Fridrich Strba - Upgrade to upstream version 1.6.0 * Fixes bsc#1244657, CVE-2025-48976 * New features: + [1.x] Enable multipart/related on FileUpload #314. + Add JApiCmp to the default Maven goal. + Add partHeaderSizeMax, a new limit that sets a maximum number of bytes for each individual multipart header. The default is 512 bytes. * Fixed Bugs: + Replace use of Locale.ENGLISH with Locale.ROOT. + Remove unused exception from FileUploadBase.createItem(Map, boolean). + Migrate from deprecated API in DiskFileItem.getOutputStream(). + Use try-with-resources. + Port to Java 1.4 Throwable APIs (!). + Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). + DiskFileItem.getInputStream() now uses NIO. + Last statement in DiskFileItem.finalize() method should be a call to super.finalize(). + org.apache.commons.fileupload.FileUploadBase .FileUploadIOException is now a proper Java 1.4-style exception (propagates its cause to super). + Use java.util.Base64 instead of custom code. * Changes: + Bump Java from 6 to 8. + Bump org.apache.commons:commons-parent from 62 to 84, upgrades Doxia from 1 to 2. + Bump commons-io from 2.11.0 to 2.19.0. + Bump javax.servlet:servlet-api from 2.4 to 2.5. + Bump JUnit from junit:junit:4.13.2 org.junit.vintage:junit-vintage-engine from parent POM. ------------------------------------------------------------------- Wed Oct 2 15:31:16 UTC 2024 - Fridrich Strba - Spec file cleanup ------------------------------------------------------------------- Tue May 23 04:40:49 UTC 2023 - Fridrich Strba - Upgrade to upstream version 1.5 * New features: + Add a configurable limit (disabled by default) for the number of files to upload per request (bsc#1208513, CVE-2023-24998). The new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. * Fixed Bugs: + FILEUPLOAD-293: DiskFileItem.write(File) had been changed to use FileUtils.moveFile internally, preventing an existing file as the target. + Improve parsing speed. * Changes: + Bump Commons IO to 2.11.0 + FILEUPLOAD-328 Switch from Cobertura code coverage to Jacoco code coverage. + Bump JUnit to 4.13.2 ------------------------------------------------------------------- Wed Mar 23 23:05:42 UTC 2022 - Fridrich Strba - Build with java source and target levels 8 ------------------------------------------------------------------- Mon Apr 8 08:21:30 UTC 2019 - Fridrich Strba - Rename to apache-commons-fileupload and upgrade to version 1.4 - Generate and customize ant build.xml file ------------------------------------------------------------------- Fri Dec 7 06:28:14 UTC 2018 - Fridrich Strba - Build against xml-commons-apis instead of xerces-j2-xml-apis ------------------------------------------------------------------- Mon Sep 18 11:22:00 UTC 2017 - fstrba@suse.com - Fix build with jdk9: specify java source and target 1.6 - Clean spec file and fix rpmlint warnings ------------------------------------------------------------------- Tue Jul 8 09:18:04 UTC 2014 - tchvatal@suse.com - Not needed condition. ------------------------------------------------------------------- Tue Jul 8 09:16:56 UTC 2014 - tchvatal@suse.com - Cleanup with spec-cleaner and fix build on sle11 properly. ------------------------------------------------------------------- Fri Jun 27 12:58:58 UTC 2014 - jmatejek@suse.com - added Xerces xml-apis to dependencies to fix build ------------------------------------------------------------------- Thu May 15 15:18:30 UTC 2014 - darin@darins.net - disable bytecode check on sle_11 - remove removal of buildroot in %install ------------------------------------------------------------------- Wed Apr 2 13:16:52 UTC 2014 - tchvatal@suse.com - Fix bnc#862781/CVE-2014-0050: buffer overflow http://svn.apache.org/viewvc?view=revision&revision=1565143 * jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch ------------------------------------------------------------------- Fri Oct 18 11:50:53 UTC 2013 - mvyskocil@suse.com - remove gcj part and deprecated macros ------------------------------------------------------------------- Thu Oct 17 08:32:35 UTC 2013 - mvyskocil@suse.com - fix bnc#846174/CVE-2013-2186: null byte injection flaw http://svn.apache.org/viewvc?view=revision&revision=1507048 * jakarta-commons-fileupload-CVE-2013-2186.patch ------------------------------------------------------------------- Mon Sep 9 11:05:47 UTC 2013 - tchvatal@suse.com - Move from jpackage-utils to javapackage-tools ------------------------------------------------------------------- Thu Mar 13 16:23:38 CET 2008 - mvyskocil@suse.cz - merged with jpackage 1.7 - update to 1.1.1 ------------------------------------------------------------------- Fri Sep 22 14:09:58 CEST 2006 - skh@suse.de - don't use icecream - use target="1.4" for build with java 1.5 ------------------------------------------------------------------- Wed Jan 25 21:46:37 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Oct 18 11:46:47 CEST 2005 - jsmeix@suse.de - Current version 1.0 from JPackage.org ------------------------------------------------------------------- Thu Sep 29 00:13:02 CEST 2005 - dmueller@suse.de - add norootforbuild ------------------------------------------------------------------- Fri Sep 17 01:33:21 CEST 2004 - skh@suse.de - Fix prerequires of javadoc subpackage ------------------------------------------------------------------- Sun Sep 5 22:42:53 CEST 2004 - skh@suse.de - Initial package created with version 1.0 (JPackage 1.5)