Hello,

The Apache Fineract project would like to hereby disclose that our 1.3.0 release includes a fix for CVE-2016-4977: A known vulnerability in Spring Security upstream dependencies allowed malicious users to trigger remote code execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of the upstream CVE.

We would like to thank Roberto ([email protected]) for reporting this issue and the Apache Security team for their assistance.

Additional details at https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report.

Regards,
Vishwas
