This content has been marked as final.
Show 1 reply
-
1. Re: jboss-as-7.1.1.Final CVE-2014-0050 apache-commons-fileupload: denial of service
ctomc Sep 30, 2015 11:58 AM (in response to padivi1)You will need to upgrade to newer community version of Jboss AS, which isn't affected by this CVE.
Jboss AS was renamed to WildFly after version 7, so grab any 8 or newer version and you should be fine, you can grab it at http://wildfly.org/downloads/
The links you send apply to JBoss EAP, Red Hat commercially supported version of application server and not directly to community versions.
Community codebase is fixed as well but fixes are available as part of new versions.
Basically think of new version community releases as cumulative security updates that get all fixes as well as new features.