From 54bd59299524aa80b6e71957456c8d56e743f4d7 Mon Sep 17 00:00:00 2001
From: HiddenAlx <309764+HiddenAlx@users.noreply.github.com>
Date: Tue, 17 Jun 2025 22:55:30 +0500
Subject: [PATCH] update commons-fileupload2-2.0.0-M1 to commons-fileupload2-servlet5-2.0.0-M4 (fix CVE-2025-48976) bump dependency commons-io from 2.15.1 to 2.19
---
 apps/examples/pom.xml | 2 +-
 assembly/pom.xml | 2 +-
 core/pom.xml | 2 +-
 .../struts/upload/CommonsMultipartRequestHandler.java | 9 +++++++--
 pom.xml | 10 +++++-----
 5 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/apps/examples/pom.xml b/apps/examples/pom.xml
index f4becbd02..c9673a83e 100644
--- a/apps/examples/pom.xml
+++ b/apps/examples/pom.xml
@@ -49,7 +49,7 @@ org.apache.commons - commons-fileupload2-jakarta + commons-fileupload2-jakarta-servlet5 commons-io
diff --git a/assembly/pom.xml b/assembly/pom.xml
index 07d3145cb..dc9c20ed3 100644
--- a/assembly/pom.xml
+++ b/assembly/pom.xml
@@ -170,7 +170,7 @@ org.apache.commons - commons-fileupload2-jakarta + commons-fileupload2-jakarta-servlet5 false
diff --git a/core/pom.xml b/core/pom.xml
index f7c6e04db..8e0f21712 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -95,7 +95,7 @@ org.apache.commons - commons-fileupload2-jakarta + commons-fileupload2-jakarta-servlet5 commons-beanutils
diff --git a/core/src/main/java/org/apache/struts/upload/CommonsMultipartRequestHandler.java b/core/src/main/java/org/apache/struts/upload/CommonsMultipartRequestHandler.java
index d94328789..da41c5a83 100644
--- a/core/src/main/java/org/apache/struts/upload/CommonsMultipartRequestHandler.java
+++ b/core/src/main/java/org/apache/struts/upload/CommonsMultipartRequestHandler.java
@@ -41,7 +41,7 @@
 import org.apache.commons.fileupload2.core.FileUploadException;
 import org.apache.commons.fileupload2.core.FileUploadFileCountLimitException;
 import org.apache.commons.fileupload2.core.FileUploadSizeException;
-import org.apache.commons.fileupload2.jakarta.JakartaServletFileUpload;
+import org.apache.commons.fileupload2.jakarta.servlet5.JakartaServletFileUpload;
 import org.apache.struts.Globals;
 import org.apache.struts.action.ActionMapping;
 import org.apache.struts.action.ActionServlet;
@@ -578,8 +578,13 @@ protected String getTextValue(HttpServletRequest request, FileItem item) {
 return item.getString(StandardCharsets.ISO_8859_1);
 } catch (IOException e) {
 log.info("FileItem-getString", e);
- return item.getString();
+ try {
+ return item.getString();
+ } catch (IOException ex) {
+ log.info("FileItem-getString with default encoding", e);
+ }
 }
+ return null;
 }
 /**
diff --git a/pom.xml b/pom.xml
index b194e6cac..36b233b0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -394,7 +394,7 @@ 3.0.5 2.3.9 5.10.2 - 2.0.0-M1 + 2.0.0-M4 1.3.0 org.apache.${project.artifactId} !**.doc-files,org.apache.struts.*;version=${project.version}
@@ -678,8 +678,8 @@ org.apache.commons - commons-fileupload2-jakarta - https://javadoc.io/doc/org.apache.commons/commons-fileupload2-jakarta/${fileuploadVersion}/ + commons-fileupload2-jakarta-servlet5 + https://javadoc.io/doc/org.apache.commons/commons-fileupload2-jakarta-servlet5/${fileuploadVersion}/
@@ -1061,14 +1061,14 @@ org.apache.commons - commons-fileupload2-jakarta + commons-fileupload2-jakarta-servlet5 ${fileuploadVersion} true commons-io commons-io - 2.15.1 + 2.19.0 true
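Review bot: The inner catch added to getTextValue logs the outer exception `e` instead of the newly caught `ex`, so the reason the default-charset fallback failed never reaches the log; the line should read `log.info("FileItem-getString with default encoding", ex);`. The method also now falls through to `return null;` when both decodes fail, which quietly turns an unreadable multipart text field into a null value. The callers are outside this hunk, so confirm they tolerate null before it reaches form population or validation, and consider logging this path at warn level because submitted data is being dropped. The method's opening `try` sits above the hunk.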