Yes, both are associated with the same security vulnerability and need to appear on the website.
-- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Mon, Apr 4, 2016 at 11:16 PM, Romain Manni-Bucau <[email protected]> wrote: > Hi > > We got 2016 number, not sure where 2015 one comes from but didnt go through > security process - or was before we tackled it? any other pmc saw it? > > If didnt went through security@ no reason to mention it. > Le 4 avr. 2016 22:57, "Robert Panzer" <[email protected]> a écrit : > > > Hi, > > > > the TomEE docs currently document CVE-2016-0779 as resolved in TomEE > 1.7.4 > > and 7.0.0-M3. > > This seems to be a duplicate of CVE-2015-8581. > > > > Therefore this vulnerability should also be documented as resolved. > > > > I opened a ticket and attached a patch that adds a mention of > > CVE-2015-8581 next to CVE-2016-0779. > > > > Would be nice if somebody could review it. > > > > Cheers > > Robert >
