We should include the patch in the new release of Camel 2.14.2. So I change my vote to -1 and will do a new cut of it shortly.
-- Willem Jiang Red Hat, Inc. Web: http://www.redhat.com Blog: http://willemjiang.blogspot.com (English) http://jnn.iteye.com (Chinese) Twitter: willemjiang Weibo: 姜宁willem On March 2, 2015 at 3:23:26 PM, Siano, Stephan (stephan.si...@sap.com) wrote: > Hi, > > The version does still contain the XXE vulnerability for XPath and the > XmlConverter > (CAMEL-8311 and CAMEL-8312). I think this is about as serious as the issues > from CVE-2014-0002 > and CVE-2014-0003, so these two patches should really be in there. > > -1 (non binding) > > Best regards > Stephan > > -----Original Message----- > From: Willem Jiang [mailto:willem.ji...@gmail.com] > Sent: Samstag, 28. Februar 2015 14:29 > To: dev@camel.apache.org > Subject: [VOTE] Release Camel 2.14.1 > > This is a vote to release Apache Camel 2.14.2, a patch release coming > with about 94 issues fixed. > > Release notes: > 2.14.2 > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329070&styleName=Html&projectId=12311211 > > > > Staging repo: > 2.14.2 https://repository.apache.org/content/repositories/orgapachecamel-1024 > > > > Tarballs: > 2.14.2 > https://repository.apache.org/content/repositories/orgapachecamel-1024/org/apache/camel/apache-camel/2.14.2/ > > > > Tag: > 2.14.2 > https://git-wip-us.apache.org/repos/asf?p=camel.git;a=tag;h=c8ab49cbaa9c5c8ae776176f7703f5d757fd10cd > > > Please test this release candidate and cast your vote. > [ ] +1 Release the binary as Apache Camel 2.14.2 > [ ] -1 Veto the release (provide specific comments) > Vote is open for at least 72 hours. > > -- > Willem Jiang > > Red Hat, Inc. > Web: http://www.redhat.com > Blog: http://willemjiang.blogspot.com (English) > http://jnn.iteye.com (Chinese) > Twitter: willemjiang > Weibo: 姜宁willem > > > >
