[jira] Closed: (GERONIMO-5387) Update the spring framework to fix Spring framework CVE-2010-1622 vulnerability.

Shawn Jiang (JIRA) Wed, 22 Sep 2010 07:47:00 -0700

     [ 
https://issues.apache.org/jira/browse/GERONIMO-5387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Shawn Jiang closed GERONIMO-5387.
---------------------------------

    Resolution: Fixed

Spring version has been updated in 2.1.6 and 22 branch.

> Update the spring framework to fix Spring framework CVE-2010-1622 
> vulnerability. 
> ---------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5387
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5387
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: general
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Rick McGuire
>            Assignee: Rick McGuire
>            Priority: Critical
>             Fix For: 2.2.1, 2.1.6
>
>
> The Spring framework used by the Apache Geronimo server has a critical 
> security vulnerability that can allow injection of malicious code into the a 
> web application.  Details of the vulnerability can be found here: 
> http://www.securityfocus.com/archive/1/511877/30/0/threaded
> There are no known locations in the Geronimo server where this vulnerability 
> can be exploited, but any applications built using the included spring 
> framework libraries can be a risk.  This will update Spring version to the 
> 2.5.6.SEC02 level. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-5387) Update the spring framework to fix Spring framework CVE-2010-1622 vulnerability.

Reply via email to