fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

renovate-bot · 2025-07-09T18:55:52Z

This PR contains the following updates:

Package	Change	Age	Confidence
commons-fileupload:commons-fileupload (source)	`1.5` -> `1.6.0`

GitHub Vulnerability Alerts

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

… v1.6.0 [security]

forking-renovate bot added the automerge Merge the pull request once unit tests and other checks pass. label Jul 9, 2025

renovate-bot requested a review from a team as a code owner July 9, 2025 18:55

renovate-bot added the automerge Merge the pull request once unit tests and other checks pass. label Jul 9, 2025

blunderbuss-gcf bot assigned Mukamik Jul 9, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from e80e4a8 to 94e263b Compare July 10, 2025 09:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 10, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 94e263b to 923c942 Compare July 11, 2025 01:15

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 923c942 to bc2928f Compare July 11, 2025 17:26

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 11, 2025

kokoro-team removed kokoro:force-run Add this label to force Kokoro to re-run the tests. labels Jul 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from bc2928f to 863a0e3 Compare July 12, 2025 07:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 863a0e3 to 491d848 Compare July 12, 2025 15:33

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 491d848 to a2cd3bb Compare July 12, 2025 23:43

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 12, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from a2cd3bb to d2ac08f Compare July 13, 2025 07:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from d2ac08f to a2440d4 Compare July 13, 2025 16:03

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 13, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 9, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 5e2b893 to f57253b Compare September 10, 2025 04:58

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 10, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from f57253b to 2e290d2 Compare September 10, 2025 15:37

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 10, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 2e290d2 to f4140c1 Compare September 10, 2025 22:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 10, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from f4140c1 to 2f2ebe3 Compare September 11, 2025 07:02

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 2f2ebe3 to 864106a Compare September 11, 2025 15:43

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 11, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 864106a to 1efbe8f Compare September 14, 2025 00:56

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 14, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 14, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 1efbe8f to 8755d0f Compare September 14, 2025 14:45

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 14, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 14, 2025

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 8755d0f to 8e17edd Compare September 14, 2025 22:24

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 14, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 14, 2025

fix(deps): update dependency commons-fileupload:commons-fileupload to…

2720bc2

… v1.6.0 [security]

renovate-bot force-pushed the renovate/maven-commons-fileupload-commons-fileupload-vulnerability branch from 8e17edd to 2720bc2 Compare September 15, 2025 07:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 15, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Uh oh!

renovate-bot commented Jul 9, 2025

Uh oh!

Uh oh!

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Are you sure you want to change the base?

fix(deps): update dependency commons-fileupload:commons-fileupload to v1.6.0 [security] #1254

Uh oh!

Conversation

renovate-bot commented Jul 9, 2025

GitHub Vulnerability Alerts

CVE-2025-48976

Configuration

Uh oh!

Uh oh!