Hi Alex,

I can confirm that 2.14.0-rc1 fixes the vulnerability, as I cherry-picked the related fixes to an upcoming 2.13.4.1 (micro patch version) yesterday. My PR was merged in earlier today.

The issue is that the fix version is set to 2.14.0 in the CVE itself, although it is included in 2.14.0-rc1. This is due to the fact that the Jackson people do not want widespread use of rc1 due to the security vulnerability, as it only affects users if 'UNWRAP_SINGLE_VALUE_ARRAYS' is set to enabled.

I can add a related sentence to the release notes. In addition, I will add a statement regarding hsqldb 2.7.1, which doesn't show up in grype at all.

Regards
Richard



On Wednesday, 12.10.2022 at 08:49 +0200, Alex The Rocker wrote:
> Hello Again,
> 
> Completed some basic tests with TomEE+ 8.0.13 (more complex tests to come), but also I ran the latest version of https://github.com/anchore/grype on TomEE+ 8.0.12 versus this candidate 8.0.13, with focus on Jackson CVEs, and here's the outcome:
> 
> With TomEE+ 8.0.12, the jackson-databind-2.13.2.2.jar file was found to have the following vulnerabilities:
>     CVE-2022-42003
>     CVE-2022-42004
>     GHSA-jjjh-jjxp-wpff
>     GHSA-rgv9-q543-rqg4
> 
> With the TomEE+ 8.0.13 candidate release, the jackson-databind-2.14.0-rc1.jar file was found to have the following vulnerabilities:
>     CVE-2022-42003
> 
> which is bizarre because according to https://nvd.nist.gov/vuln/detail/CVE-2022-42003, 2.14.0-rc1 is supposed to fix CVE-2022-42003.
> 
> I know that Grype isn't perfect, but the problem is that it is widely used, so if you are sure that this is a false positive, then can you please provide a statement about it in the release notes and/or in the documentation, to avoid users' confusion?
> 
> PS: CVE-2022-42003 is rated 7.5 (High) by https://nvd.nist.gov/vuln/detail/CVE-2022-42003, so it's not quite right that TomEE 8.0.13 could be released without a word about it...
> 
> I will send my vote when I have completed my more advanced tests with the 8.0.13 candidate release.
> 
> Thanks,
> Alex
> 
> On Tue, 11 Oct 2022 at 22:28, Zowalla, Richard <richard.zowa...@hs-heilbronn.de> wrote:
> > Good catch. This is expected:
> > 
> > https://issues.apache.org/jira/browse/TOMEE-4021
> > 
> > or
> > 
> > https://lists.apache.org/thread/8tky9dr2sf99cs2hrj95j81w1rhrtdfn
> > 
> > Regards
> > Richard
> > 
> > On Tuesday, 11.10.2022 at 22:23 +0200, Alex The Rocker wrote:
> > > Okay, I probably made a mistake somewhere.
> > > Also I see ehcache*.jar is removed in TomEE+ 8.0.13 => is it intentional (I love seeing fewer JARs ;) ?
> > > 
> > > Alex
> > > 
> > > On Tue, 11 Oct 2022 at 22:17, Zowalla, Richard <richard.zowa...@hs-heilbronn.de> wrote:
> > > > I am currently not on my dev system, but I checked via:
> > > > 
> > > > $ gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B83D15E72253ED1104EB4FBBDAB472F0E5B8A431
> > > > 
> > > > $ gpg --verify apache-tomee-8.0.13-plus.tar.gz.asc apache-tomee-8.0.13-plus.tar.gz
> > > > 
> > > > gpg: Signatur vom Di 11 Okt 2022 13:14:04 CEST
> > > > gpg:                mittels RSA-Schlüssel B83D15E72253ED1104EB4FBBDAB472F0E5B8A431
> > > > gpg: Korrekte Signatur von "Richard Zowalla (Code Signing Key) <r...@apache.org>" [unbekannt]
> > > > 
> > > > 
> > > > Regards
> > > > Richard
> > > > 
> > > > On Tuesday, 11.10.2022 at 22:04 +0200, Alex The Rocker wrote:
> > > > > Sorry, previous mail sent too quickly.
> > > > > 
> > > > > What's wrong here?
> > > > > 
> > > > > $ gpg --verify /tmp/tomee8013.asc apache-tomee-8.0.13-plus.tar.gz
> > > > > gpg: Signature made Tue 11 Oct 2022 01:14:04 PM CEST using RSA key ID E5B8A431
> > > > > gpg: Can't check signature: No public key
> > > > > 
> > > > > On Tue, 11 Oct 2022 at 22:03, Alex The Rocker <alex.m3...@gmail.com> wrote:
> > > > > > Hum... what's wrong here:
> > > > > > 
> > > > > > On Tue, 11 Oct 2022 at 21:22, Alex The Rocker <alex.m3...@gmail.com> wrote:
> > > > > > > +1 for more frequent releases (at least based on CVEs with at least high severity)
> > > > > > > and yes, I have a relatively large test base; stay tuned!
> > > > > > > 
> > > > > > > On Tue, 11 Oct 2022 at 21:16, Richard Zowalla <r...@apache.org> wrote:
> > > > > > > > Hi Alex,
> > > > > > > > 
> > > > > > > > we can maybe get into the habit of releasing more often (yes, I know: we discussed this over and over on the list...).
> > > > > > > > 
> > > > > > > > I was just copying from the VOTE template docs, which mention to write "first attempt" and so on... - so no regrets, just copy & paste.
> > > > > > > > 
> > > > > > > > I don't expect any surprises, but we never know: I did some tests on some of our projects (jaxrs, jaxws, batche, ...) but I have no possibility to do large scale tests as you can do them ;-) - so happy to get some feedback.
> > > > > > > > 
> > > > > > > > The CXF cleanup might be a candidate for regressions as we shipped older code under the covers of newer cxf versions and didn't notice that for some time now.
> > > > > > > > 
> > > > > > > > Regards
> > > > > > > > Richard
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > On Tuesday, 11.10.2022 at 21:05 +0200, Alex The Rocker wrote:
> > > > > > > > > Hi Richard,
> > > > > > > > > 
> > > > > > > > > Thanks for this quick TomEE 8.0.3 release after not so long discussions!
> > > > > > > > > I'll run some tests ASAP and then give my vote (non-binding).
> > > > > > > > > Why do you mention "1st attempt"? Any regrets?
> > > > > > > > > 
> > > > > > > > > Alex
> > > > > > > > > 
> > > > > > > > > On Tue, 11 Oct 2022 at 20:01, Richard Zowalla <r...@apache.org> wrote:
> > > > > > > > > > Hi all,
> > > > > > > > > > 
> > > > > > > > > > this is a first attempt at a vote for a release of Apache TomEE 8.0.13.
> > > > > > > > > > 
> > > > > > > > > > It is a maintenance release with some bug fixes and dependency upgrades.
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Maven Repo:
> > > > > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1207
> > > > > > > > > > 
> > > > > > > > > >   <repositories>
> > > > > > > > > >     <repository>
> > > > > > > > > >       <id>tomee-8.0.13-release-test</id>
> > > > > > > > > >       <name>Testing TomEE 8.0.13 release candidate</name>
> > > > > > > > > >       <url>https://repository.apache.org/content/repositories/orgapachetomee-1207</url>
> > > > > > > > > >     </repository>
> > > > > > > > > >   </repositories>
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Binaries & Source:
> > > > > > > > > > 
> > > > > > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1207/tomee-8.0.13/
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Tag:
> > > > > > > > > > 
> > > > > > > > > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.13
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Latest CI/CD build:
> > > > > > > > > > 
> > > > > > > > > > https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full/226/
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Release notes:
> > > > > > > > > > 
> > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12351820
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Here is an adoc generated version of the changelog as well:
> > > > > > > > > > 
> > > > > > > > > > == Dependency upgrade
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3985[TOMEE-3985] BatchEE 1.0.2
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4057[TOMEE-4057] CXF 3.4.8
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3800[TOMEE-3800] DBCP 2.9.0
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4059[TOMEE-4059] EclipseLink 2.7.11
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4063[TOMEE-4063] Geronimo Transaction Manager 3.1.5
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4019[TOMEE-4019] HSQLDB 2.7.0
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3986[TOMEE-3986] Hibernate Integration 5.6.9.Final
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4042[TOMEE-4042] Jackson 2.13.4
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4067[TOMEE-4067] Jackson 2.14.0-rc1
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4020[TOMEE-4020] Jakarta Faces 2.3.18
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4026[TOMEE-4026] Johnzon 1.2.19
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4030[TOMEE-4030] Log4J2 2.18.0
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3998[TOMEE-3998] MyFaces 2.3.10
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4044[TOMEE-4044] Snakeyaml 1.32
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4054[TOMEE-4054] Snakeyaml 1.33
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4002[TOMEE-4002] Tomcat 9.0.64
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4051[TOMEE-4051] Tomcat 9.0.65
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4060[TOMEE-4060] Tomcat 9.0.67
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4087[TOMEE-4087] Tomcat 9.0.68
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4018[TOMEE-4018] bcprov-jdk15on 1.70
> > > > > > > > > > 
> > > > > > > > > > == New Feature
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3928[TOMEE-3928] Example for properties provider
> > > > > > > > > > 
> > > > > > > > > > == Bug
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4021[TOMEE-4021] Unexpected ehcache 3.8.1 in tomee/lib
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3850[TOMEE-3850] HTTP(S) connections are not reused
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014] Unable to see TomEE version in Tomcat home page with Java 17
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3979[TOMEE-3979] service.bat issue when using JRE_HOME on Windows
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability
> > > > > > > > > > 
> > > > > > > > > > == Improvement
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3878[TOMEE-3878] Backport 'No interface view EJB proxies broken on JDK16+' [TOMEE-3877] to TomEE 8.x
> > > > > > > > > > 
> > > > > > > > > > == Task
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4064[TOMEE-4064] OpenJPA 3.2.2 (examples), EclipseLink 2.7.11 (examples), Derby 10.14.2.0
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4022[TOMEE-4022] Move to Apache Rat
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4056[TOMEE-4056] Log4J2 2.19.0
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4058[TOMEE-4058] Update Krazo, DeltaSpike and Hibernate
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3914[TOMEE-3914] Spring 3 Dependencies in TomEE Root POM
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4088[TOMEE-4088] Add workaround for CVE-2022-41853 (hsqldb)
> > > > > > > > > > 
> > > > > > > > > > == Documentation
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4023[TOMEE-4023] Comparison pages with wrong specs per profiles
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3981[TOMEE-3981] update javadoc to reflect updates on Jakarta EE
> > > > > > > > > > 
> > > > > > > > > > == Fixed Common Vulnerabilities and Exposures (CVEs)
> > > > > > > > > > 
> > > > > > > > > > [.compact]
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability
> > > > > > > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4088[TOMEE-4088] Add workaround for CVE-2022-41853 (hsqldb)
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Here is the dependency diff from 8.0.12 to 8.0.13 created with David's new feature in our release tools:
> > > > > > > > > > 
> > > > > > > > > >  artifactId                        from       to
> > > > > > > > > >  ------------------------------- ---------- ----------
> > > > > > > > > >  jackson-annotations               2.13.2   2.14.0-rc1
> > > > > > > > > >  jackson-core                      2.13.2   2.14.0-rc1
> > > > > > > > > >  jackson-databind                2.13.2.2   2.14.0-rc1
> > > > > > > > > >  jackson-dataformat-yaml           2.13.2   2.14.0-rc1
> > > > > > > > > >  commons-cli                          1.4   1.5.0
> > > > > > > > > >  batchee-jbatch                     1.0.1   1.0.2
> > > > > > > > > >  commons-dbcp2                      2.3.0   2.9.0
> > > > > > > > > >  cxf-rt-bindings-soap               3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-bindings-xml                3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-frontend-jaxws              3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-frontend-simple             3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-management                  3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-extension-providers      3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-extension-search         3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-json-basic               3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-mp-client                3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-security-cors            3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-security-jose            3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-security-jose-jaxrs      3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-security-oauth2          3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-service-description      3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-rs-sse                      3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-security                    3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-security-saml               3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-ws-addr                     3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-ws-policy                   3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-ws-security                 3.4.5   3.4.8
> > > > > > > > > >  cxf-rt-wsdl                        3.4.5   3.4.8
> > > > > > > > > >  geronimo-connector                 3.1.4   3.1.5
> > > > > > > > > >  geronimo-transaction               3.1.4   3.1.5
> > > > > > > > > >  johnzon-core                      1.2.18   1.2.19
> > > > > > > > > >  johnzon-jaxrs                     1.2.18   1.2.19
> > > > > > > > > >  johnzon-jsonb                     1.2.18   1.2.19
> > > > > > > > > >  johnzon-jsonp-strict              1.2.18   1.2.19
> > > > > > > > > >  johnzon-mapper                    1.2.18   1.2.19
> > > > > > > > > >  myfaces-api                        2.3.9   2.3.10
> > > > > > > > > >  myfaces-impl                       2.3.9   2.3.10
> > > > > > > > > >  cxf-shade                         8.0.12   8.0.13
> > > > > > > > > >  taglibs-shade                     8.0.12   8.0.13
> > > > > > > > > >  tomee-bootstrap                   8.0.12   8.0.13
> > > > > > > > > >  bcprov-jdk15on                      1.69   1.70
> > > > > > > > > >  eclipselink                        2.7.9   2.7.11
> > > > > > > > > >  jakarta.faces                     2.3.15   2.3.18
> > > > > > > > > >  hsqldb                             2.5.2   2.7.0
> > > > > > > > > >  snakeyaml                           1.30   1.33
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > Please note:
> > > > > > > > > > 
> > > > > > > > > > (1) CVE-2022-42003 (jackson-databind): Users are only affected if 'UNWRAP_SINGLE_VALUE_ARRAYS' is set to enabled. Mitigation is included in 2.14.0-rc1 - as discussed in a separate thread, we are "ok" to ship a RC version. We aim to do a follow up release of TomEE 8.x soon.
> > > > > > > > > > 
> > > > > > > > > > (2) CVE-2022-41853 (hsqldb): As v2.7.1 isn't available yet, TomEE sets "hsqldb.method_class_names" to an invalid value to mitigate the vulnerability. Users can override the property as needed.
> > > > > > > > > > 
> > > > > > > > > > ###############
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > Please VOTE
> > > > > > > > > > 
> > > > > > > > > > [+1] go ship it
> > > > > > > > > > [+0] meh, don't care
> > > > > > > > > > [-1] stop, there is a ${showstopper}
> > > > > > > > > > 
> > > > > > > > > > The VOTE is open for 72h or as long as needed.
> > > > > > > > > > 
> > > > > > > > > > Regards
> > > > > > > > > > Richard
> > > > > > > > > > 
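The grype result discussed above (2.14.0-rc1 flagged for CVE-2022-42003 although the rc contains the fix) follows from the CVE listing 2.14.0 as the fix version: in Maven-style ordering a pre-release qualifier such as rc sorts before the plain release, so 2.14.0-rc1 < 2.14.0 and a scanner comparing against the published fix version reports the jar as affected. The following Python example is added here and is not code from the thread, from TomEE or from grype; it is a simplified version comparator modelled on Maven's ComparableVersion ordering, and the dependency list and fix versions it runs on are constructed from the dependency diff and the notes in the vote mail. `scan` is a minimal stand-in for a scanner's fix-version check, not grype's actual matching logic.

```python
import re
from itertools import zip_longest

# Ranking of Maven-style version qualifiers.  "" stands for a plain release, so
# pre-release qualifiers (alpha, beta, milestone, rc, snapshot) sort before it
# and "sp" (service pack) after it.  Unknown qualifiers sort last.
_QUALIFIER_RANK = {
    "alpha": 0, "a": 0, "beta": 1, "b": 1, "milestone": 2, "m": 2,
    "rc": 3, "cr": 3, "snapshot": 4,
    "": 5, "ga": 5, "final": 5, "release": 5, "sp": 6,
}


def _tokens(version):
    """Split '2.14.0-rc1' into [('num', 2), ('num', 14), ('num', 0), ('qual', 'rc'), ('num', 1)]."""
    out = []
    for part in re.split(r"[.\-]", version.strip().lower()):
        for tok in re.findall(r"\d+|[a-z]+", part):
            out.append(("num", int(tok)) if tok.isdigit() else ("qual", tok))
    return out


def _rank(qualifier):
    return _QUALIFIER_RANK.get(qualifier, 7)


def _cmp_item(a, b):
    """Compare two tokens; None means that version has no token at this position."""
    if a is None and b is None:
        return 0
    if a is None:
        return -_cmp_item(b, None)
    kind, val = a
    if b is None:
        # A trailing number above 0 makes a version newer (2.13.4.1 > 2.13.4);
        # a trailing qualifier is compared against the implicit release qualifier "".
        if kind == "num":
            return 0 if val == 0 else 1
        return (_rank(val) > _rank("")) - (_rank(val) < _rank(""))
    bkind, bval = b
    if kind == "num" and bkind == "num":
        return (val > bval) - (val < bval)
    if kind == "num":
        return 1  # numbers sort after qualifiers
    if bkind == "num":
        return -1
    ra, rb = _rank(val), _rank(bval)
    if ra != rb:
        return (ra > rb) - (ra < rb)
    return (val > bval) - (val < bval)


def compare_versions(v1, v2):
    """Return -1, 0 or 1 in Maven-style ordering (simplified ComparableVersion)."""
    for a, b in zip_longest(_tokens(v1), _tokens(v2)):
        c = _cmp_item(a, b)
        if c != 0:
            return c
    return 0


def is_affected(installed, fixed_in):
    """True when the installed version sorts before the advisory's fix version."""
    return compare_versions(installed, fixed_in) < 0


def scan(dependencies, advisories):
    """Report (artifact, version, cve) triples that a fix-version comparison flags."""
    findings = []
    for artifact, version in dependencies:
        for cve, (adv_artifact, fixed_in) in advisories.items():
            if adv_artifact == artifact and is_affected(version, fixed_in):
                findings.append((artifact, version, cve))
    return findings


# Constructed sample input: the jackson-databind versions from the dependency
# diff (8.0.12 -> 8.0.13 candidate).
DEPENDENCIES = [
    ("jackson-databind", "2.13.2.2"),    # TomEE 8.0.12
    ("jackson-databind", "2.14.0-rc1"),  # TomEE 8.0.13 candidate
]

# As published, the CVE names 2.14.0 as the fix version, so the rc is flagged;
# the corrected entry records 2.14.0-rc1 as the first fixed version.
ADVISORIES_AS_PUBLISHED = {"CVE-2022-42003": ("jackson-databind", "2.14.0")}
ADVISORIES_CORRECTED = {"CVE-2022-42003": ("jackson-databind", "2.14.0-rc1")}

if __name__ == "__main__":
    print("as published:", scan(DEPENDENCIES, ADVISORIES_AS_PUBLISHED))
    print("corrected:   ", scan(DEPENDENCIES, ADVISORIES_CORRECTED))
```

With the fix version as published, both 8.0.12 and the 8.0.13 candidate are reported; with 2.14.0-rc1 recorded as the fix, only 8.0.12 is. That is why a release note stating the fixed version matters: it is the only way a user reading a scanner report can tell the rc finding is a data problem in the advisory rather than an unpatched jar.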
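The signature check exchanged above shows two things a verification script should handle: a keyring without the signing key ("Can't check signature: No public key"), and a gpg text output that is localised (the German "Korrekte Signatur" lines), so the human-readable output is the wrong thing to grep. The following Python example is added here and is not code from the thread or from the TomEE project; it uses gpg's machine-readable `--status-fd` lines and pins the full fingerprint posted in the thread (B83D15E72253ED1104EB4FBBDAB472F0E5B8A431) rather than the short key ID E5B8A431 shown in the error output. The status lines embedded at the bottom are constructed for this example; the timestamps and the output layout are modelled on gpg's documented status keywords, not captured from the release.

```python
import subprocess

# Full fingerprint of the release signing key as posted in the thread.
EXPECTED_FINGERPRINT = "B83D15E72253ED1104EB4FBBDAB472F0E5B8A431"


def evaluate_status(status_lines, expected_fingerprint=EXPECTED_FINGERPRINT):
    """Decide from gpg --status-fd lines whether a signature by the expected key was verified.

    Returns (ok, reason).  Only the machine-readable "[GNUPG:] ..." lines are
    consulted; gpg's human-readable text is localised and is ignored here.
    """
    expected = expected_fingerprint.replace(" ", "").upper()
    good = False
    missing_key = None
    failures = []
    fingerprints = set()
    for line in status_lines:
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        keyword = fields[1]
        if keyword == "NO_PUBKEY":
            missing_key = fields[2]
        elif keyword in ("BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "ERRSIG"):
            failures.append(keyword)
        elif keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG":
            # fields[2] is the fingerprint of the (sub)key that made the signature;
            # the last field, when present, is the primary key's fingerprint.
            fingerprints.add(fields[2].upper())
            fingerprints.add(fields[-1].upper())
    if missing_key is not None:
        return False, "public key %s is not in the keyring; import it by full fingerprint before verifying" % missing_key
    if failures:
        return False, "gpg reported " + ", ".join(sorted(set(failures)))
    if not good or not fingerprints:
        return False, "no valid signature found"
    if expected not in fingerprints:
        return False, "signature was made by an unexpected key: " + ", ".join(sorted(fingerprints))
    return True, "good signature by " + expected


def verify_artifact(signature_path, artifact_path, expected_fingerprint=EXPECTED_FINGERPRINT):
    """Run gpg on a detached signature and evaluate its status lines (needs gpg installed)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", signature_path, artifact_path],
        capture_output=True, text=True, check=False,
    )
    return evaluate_status(proc.stdout.splitlines(), expected_fingerprint)


# Constructed status output modelled on the two situations in the thread: a
# keyring without the signing key (what Alex saw), and a successful verification
# (what Richard saw).  Timestamps and field values are made up for this example.
STATUS_NO_PUBKEY = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] ERRSIG DAB472F0E5B8A431 1 10 00 1665486844 9 B83D15E72253ED1104EB4FBBDAB472F0E5B8A431",
    "[GNUPG:] NO_PUBKEY DAB472F0E5B8A431",
]
STATUS_GOOD = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG DAB472F0E5B8A431 Richard Zowalla (Code Signing Key) <r...@apache.org>",
    "[GNUPG:] VALIDSIG B83D15E72253ED1104EB4FBBDAB472F0E5B8A431 2022-10-11 1665486844 0 4 0 1 10 00 B83D15E72253ED1104EB4FBBDAB472F0E5B8A431",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
]

if __name__ == "__main__":
    print(evaluate_status(STATUS_NO_PUBKEY))
    print(evaluate_status(STATUS_GOOD))
```

`verify_artifact("apache-tomee-8.0.13-plus.tar.gz.asc", "apache-tomee-8.0.13-plus.tar.gz")` is the real-world call; it returns the same (ok, reason) pair. Note that a GOODSIG alone is not enough: without comparing the VALIDSIG fingerprint against the expected one, any key in the keyring would pass, and gpg's "[unbekannt]"/"unknown" trust marker is exactly the reminder that the keyring does not vouch for the key on its own.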
