SOLR-12204: Upgrade commons-fileupload dependency to 1.3.3 to address CVE-2016-1000031

lucene/ivy-versions.properties

@@ -53,7 +53,7 @@ com.sun.jersey.version = 1.9
 /commons-collections/commons-collections = 3.2.2
 /commons-configuration/commons-configuration = 1.6
 /commons-digester/commons-digester = 2.1
-/commons-fileupload/commons-fileupload = 1.3.2
+/commons-fileupload/commons-fileupload = 1.3.3
 /commons-io/commons-io = 2.5
 /commons-lang/commons-lang = 2.6
 /commons-logging/commons-logging = 1.1.3

solr/CHANGES.txt

@@ -230,6 +230,24 @@ Other Changes
 * SOLR-12134: ref-guide 'bare-bones html' validation is now part of 'ant documentation' and validates
   javadoc links locally. (hossman)
 
+==================  7.3.1 ==================
+
+Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
+
+Versions of Major Components
+---------------------
+Apache Tika 1.17
+Carrot2 3.15.0
+Velocity 1.7 and Velocity Tools 2.0
+Apache UIMA 2.3.1
+Apache ZooKeeper 3.4.11
+Jetty 9.4.8.v20171121
+
+Bug Fixes
+----------------------
+
+* SOLR-12204: Upgrade commons-fileupload dependency to 1.3.3 to address CVE-2016-1000031.  (Steve Rowe)
+
 ==================  7.3.0 ==================
 
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.

solr/licenses/commons-fileupload-1.3.2.jar.sha1

@@ -1 +0,0 @@
-5d7491ed6ebd02b6a8d2305f8e6b7fe5dbd95f72

solr/licenses/commons-fileupload-1.3.3.jar.sha1

@@ -0,0 +1 @@
+04ff14d809195b711fd6bcc87e6777f886730ca1