[ATTN] Security vulnerability found in Lift dependency, upgrade now

Antonio Salazar Cardozo

Jan 31, 2016, 6:03:53 PM
to Lift
Hey there folks,
We recently found out that Lift depends on a version of Apache Commons
FileUpload that has a known DoS vulnerability. The easiest fix for you is to
add a dependency to the latest version of `commons-fileupload`, 1.3.1, to
your build. Your application should then be using that version instead of Lift's,
and that should work without further issues.

Additionally, we've published Lift 2.5.4, Lift 2.6.3, and Lift 3.0-M8, all of which
depend on the latest version of commons-fileupload. That is the only change
in the 2.5 and 2.6 releases, while 3.0-M8 has a much longer list of additional
changes, which you can find/discuss in the 3.0-M8 release announcement.
Thanks,
Antonio
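
An added example, not part of the original post or of Lift's code: a check that the override described above actually took effect, by scanning a packaged application's jar list for any `commons-fileupload` older than 1.3.1. The function names, the report layout and the sample paths are assumptions made for illustration; the sample classpath is constructed.

```python
import re

FIXED = (1, 3, 1)  # commons-fileupload version named in the announcement
JAR_RE = re.compile(r"^commons-fileupload-(\d+(?:\.\d+)*)(.*)\.jar$")

# Constructed sample: jar paths as they might appear in a packaged WAR.
CONSTRUCTED_CLASSPATH = [
    "/app/WEB-INF/lib/lift-webkit_2.11-2.6.2.jar",
    "/app/WEB-INF/lib/commons-fileupload-1.2.2.jar",
    "/app/WEB-INF/lib/commons-fileupload-1.3.1.jar",
    "C:\\app\\lib\\commons-fileupload-1.3.jar",
    "/app/WEB-INF/lib/commons-fileupload-1.3.1-RC1.jar",
]


def basename(path):
    # Accept both / and \ separators so paths from any OS can be audited.
    return re.split(r"[\\/]", path)[-1]


def audit(entries, fixed=FIXED):
    """Sort commons-fileupload jars into outdated / ok / unparsed lists."""
    report = {"outdated": [], "ok": [], "unparsed": []}
    for entry in entries:
        name = basename(entry)
        if not name.startswith("commons-fileupload"):
            continue
        m = JAR_RE.match(name)
        if not m or m.group(2):
            # Qualifier or unexpected name: do not guess, flag for review.
            report["unparsed"].append(entry)
            continue
        version = tuple(int(p) for p in m.group(1).split("."))
        width = max(len(version), len(fixed))
        padded = version + (0,) * (width - len(version))
        target = tuple(fixed) + (0,) * (width - len(fixed))
        report["outdated" if padded < target else "ok"].append(entry)
    return report


if __name__ == "__main__":
    for status, jars in audit(CONSTRUCTED_CLASSPATH).items():
        for jar in jars:
            print(f"{status:9} {jar}")
```

An entry under `outdated` next to one under `ok`, as in the sample, means the old jar is still being packaged alongside the new one and the build needs another look.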