No idea but has been asked. 2013/2/23 Jason van Zyl <[email protected]>: > When will the CVE entry be updated? > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253 > > On Feb 23, 2013, at 9:59 AM, Olivier Lamy <[email protected]> wrote: > >> VE-2013-0253 Apache Maven >> >> Severity: Medium >> >> Vendor: The Apache Software Foundation >> >> Versions Affected: >> - Apache Maven 3.0.4 >> - Apache Maven Wagon 2.1, 2.2, 2.3 >> >> Description: >> Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure >> SSL mode by default. This mode disables all SSL certificate checking, >> including: host name verification , date validity, and certificate >> chain. Not validating the certificate introduces the possibility of a >> man-in-the-middle attack. >> >> All users are recommended to upgrade to Apache Maven 3.0.5 and Apache >> Maven Wagon 2.4. >> >> Credit >> This issue was identified by Graham Leggett >> >> -- >> The Apache Maven Team > > Thanks, > > Jason > > ---------------------------------------------------------- > Jason van Zyl > Founder & CTO, Sonatype > Founder, Apache Maven > http://twitter.com/jvanzyl > --------------------------------------------------------- > > First, the taking in of scattered particulars under one Idea, > so that everyone understands what is being talked about ... Second, > the separation of the Idea into parts, by dividing it at the joints, > as nature directs, not breaking any limb in half as a bad carver might. > > -- Plato, Phaedrus (Notes on the Synthesis of Form by C. Alexander) > > > > >
-- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
