[ https://issues.apache.org/jira/browse/GERONIMO-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17379180#comment-17379180 ]

karthickm edited comment on GERONIMO-6253 at 7/12/21, 1:33 PM:
---------------------------------------------------------------

Hi, as per your release page [https://geronimo.apache.org/22x-security-report.html] CVE-2011-5034 is resolved in Geronimo 2.2.1, but as per [http://nvd.nist.gov/vuln/detail/CVE-2011-5034] as well as [https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-5034] there is no fixed version. Could you confirm whether the latest available Apache Geronimo has this fix or not?

And, this is not even listed in your 2.2.1 release notes as a fixed vulnerability [http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt]

was (Author: karthickm):
Hi, as per your release page [https://geronimo.apache.org/22x-security-report.html] CVE-2011-5034 is resolved in Geronimo 2.2.1, but as per [http://nvd.nist.gov/vuln/detail/CVE-2011-5034] as well as [https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-5034] there is no fixed version. Could you confirm whether the latest available Apache Geronimo has this fix or not?

> Improve parameter handling patch from tomcat community for G 2.2.1 release
> --------------------------------------------------------------------------
>
>                 Key: GERONIMO-6253
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-6253
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: Tomcat
>    Affects Versions: 2.2, 2.2.1
>            Reporter: Ming Xia
>            Assignee: Ming Xia
>            Priority: Major
>             Fix For: 2.2.1
>
>         Attachments: GEORNIMO-6253_binarypatch.zip, GERONIMO-6253.patch
>
>
> We need a fix for Geronimo 2.2.1 release for the parameter handling issue
> from Tomcat community.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)