Lift 2.5.4: Security Release

Lift 2.5 was found to be using an outdated version of Apache Commons
FileUpload, which had an unpatched DoS vulnerability.

Lift 2.5.4 bumps the dependency to the latest version, 1.3.1, which fixes
this vulnerability. Additionally, if you're using sbt, you can directly depend
on commons-fileupload 1.3.1 to evict the Lift dependency without upgrading
Lift. The versions are compatible with respect to Lift's usage.