Release Notes / Version 11.2304
Table Of ContentsChanged multipart request handling from Commons Fileupload to Servlet API
The runtime dependency
commons-fileupload:commons-fileupload
has been removed in order to prevent vulnerability
CVE-2023-24998
. By removing the application property
spring.servlet.multipart.enabled=true
, the Studio server configuration has been changed from using
Commons Fileupload
for handling multipart requests to using the
Servlet API
.
Follow Section, “Changed multipart request handling from Commons Fileupload to Servlet API” for upgrade information.
(CMS-22731)