fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

renovate-bot · 2025-07-09T18:55:52Z

This PR contains the following updates:

Package	Change	Age	Confidence
commons-fileupload:commons-fileupload (source)	`1.5` -> `1.6.0`

GitHub Vulnerability Alerts

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

… v1.6.0 [security]

forking-renovate bot added the automerge Merge the pull request once unit tests and other checks pass. label Jul 9, 2025

renovate-bot requested a review from a team as a code owner July 9, 2025 18:55

renovate-bot added the automerge Merge the pull request once unit tests and other checks pass. label Jul 9, 2025

blunderbuss-gcf bot assigned Mukamik Jul 9, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from e80e4a8 to 94e263b Compare July 10, 2025 09:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 10, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 94e263b to 923c942 Compare July 11, 2025 01:15

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 923c942 to bc2928f Compare July 11, 2025 17:26

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

kokoro-team removed kokoro:force-run Add this label to force Kokoro to re-run the tests. labels Jul 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from bc2928f to 863a0e3 Compare July 12, 2025 07:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 863a0e3 to 491d848 Compare July 12, 2025 15:33

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 491d848 to a2cd3bb Compare July 12, 2025 23:43

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from a2cd3bb to d2ac08f Compare July 13, 2025 07:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from d2ac08f to a2440d4 Compare July 13, 2025 16:03

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from af951c2 to 9ecf29e Compare October 3, 2025 14:57

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 9ecf29e to d843a2d Compare October 3, 2025 22:34

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from d843a2d to 0d5802f Compare October 4, 2025 06:06

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 4, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 4, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 0d5802f to e0c7692 Compare October 4, 2025 14:42

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 4, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 4, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from e0c7692 to 53982aa Compare October 4, 2025 22:04

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 4, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 4, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 53982aa to db835ef Compare October 5, 2025 06:40

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 5, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 5, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from db835ef to 48c37e1 Compare October 5, 2025 14:33

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 5, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 5, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 48c37e1 to 11dd78d Compare October 5, 2025 22:29

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 5, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 5, 2025

fix(deps): update dependency commons-fileupload:commons-fileupload to…

2f54801

… v1.6.0 [security]

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 11dd78d to 2f54801 Compare October 6, 2025 07:15

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 6, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Uh oh!

renovate-bot commented Jul 9, 2025

Uh oh!

Uh oh!

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Are you sure you want to change the base?

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Uh oh!

Conversation

renovate-bot commented Jul 9, 2025

GitHub Vulnerability Alerts

CVE-2025-48976

Configuration

Uh oh!

Uh oh!