fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

renovate-bot · 2025-07-09T18:55:52Z

This PR contains the following updates:

Package	Change	Age	Confidence
commons-fileupload:commons-fileupload (source)	`1.5` -> `1.6.0`

GitHub Vulnerability Alerts

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

… v1.6.0 [security]

forking-renovate bot added the automerge Merge the pull request once unit tests and other checks pass. label Jul 9, 2025

renovate-bot requested a review from a team as a code owner July 9, 2025 18:55

renovate-bot added the automerge Merge the pull request once unit tests and other checks pass. label Jul 9, 2025

blunderbuss-gcf bot assigned Mukamik Jul 9, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from e80e4a8 to 94e263b Compare July 10, 2025 09:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 10, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 94e263b to 923c942 Compare July 11, 2025 01:15

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 923c942 to bc2928f Compare July 11, 2025 17:26

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

kokoro-team removed kokoro:force-run Add this label to force Kokoro to re-run the tests. labels Jul 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from bc2928f to 863a0e3 Compare July 12, 2025 07:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 863a0e3 to 491d848 Compare July 12, 2025 15:33

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 491d848 to a2cd3bb Compare July 12, 2025 23:43

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from a2cd3bb to d2ac08f Compare July 13, 2025 07:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from d2ac08f to a2440d4 Compare July 13, 2025 16:03

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 20, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 20, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from e9a512b to 9f7d8a5 Compare September 20, 2025 18:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 20, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 20, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 9f7d8a5 to 67f97cb Compare September 21, 2025 02:37

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 21, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 21, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 67f97cb to a071060 Compare September 21, 2025 10:04

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 21, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 21, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from a071060 to be7860f Compare September 21, 2025 18:34

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 21, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 21, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from be7860f to 80ef273 Compare September 22, 2025 03:04

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 22, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 22, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 80ef273 to 1bea76e Compare September 22, 2025 11:43

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 22, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 22, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 1bea76e to 1f82d44 Compare September 22, 2025 20:10

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 22, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 22, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 1f82d44 to 3110836 Compare September 23, 2025 03:25

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 23, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 23, 2025

fix(deps): update dependency commons-fileupload:commons-fileupload to…

20db74b

… v1.6.0 [security]

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 3110836 to 20db74b Compare September 23, 2025 11:16

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 23, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

renovate-bot commented Jul 9, 2025

Uh oh!

Uh oh!

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Are you sure you want to change the base?

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Conversation

renovate-bot commented Jul 9, 2025

GitHub Vulnerability Alerts

CVE-2025-48976

Configuration

Uh oh!

Uh oh!