[jira] Updated: (GERONIMO-5387) Update the spring framework to fix Spring framework CVE-2010-1622 vulnerability.

Rick McGuire (JIRA) Thu, 08 Jul 2010 08:51:16 -0700

     [ 
https://issues.apache.org/jira/browse/GERONIMO-5387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rick McGuire updated GERONIMO-5387:
-----------------------------------

    Fix Version/s: 2.1.7
                       (was: 2.1.6)

> Update the spring framework to fix Spring framework CVE-2010-1622 
> vulnerability. 
> ---------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5387
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5387
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: general
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Rick McGuire
>            Assignee: Rick McGuire
>            Priority: Critical
>             Fix For: 2.1.7, 2.2.1
>
>
> The Spring framework used by the Apache Geronimo server has a critical 
> security vulnerability that can allow injection of malicious code into the a 
> web application.  Details of the vulnerability can be found here: 
> http://www.securityfocus.com/archive/1/511877/30/0/threaded
> There are no known locations in the Geronimo server where this vulnerability 
> can be exploited, but any applications built using the included spring 
> framework libraries can be a risk.  This will update Spring version to the 
> 2.5.6.SEC02 level. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-5387) Update the spring framework to fix Spring framework CVE-2010-1622 vulnerability.

Reply via email to