These are all security issues fixed in the jakarta-commons-fileupload-1.1.1-125.11 package on the GA media of openSUSE Tumbleweed.