The vulnerability appears to be JSP specific, those running only the xmlui interface should be fine, right?
cheers stuart On 06/09/13 04:50, Halliday, James Leonard wrote: > Hello, > > I am trying to follow up on some vulnerabilities in the Spring > framework, which are documented here: > > http://support.springsource.com/security/cve-2011-2730 > > A recent survey of all our running DSpace instances showed a DSpace > 1.5.2 instance with Spring 2.5.1 jars included. These are the jars that > might be vulnerable. Can someone tell me if the jars are being used in a > way that makes them vulnerable? There is a later Spring 2.5.x release > that fixed the problem; should we simply replace the existing jars > without needing to make any other changes? > > Thanks so much. > > -Jim Halliday > > -Indiana University > > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk > > > > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech > List Etiquette: > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette > -- Stuart Yeates Library Technology Services http://www.victoria.ac.nz/library/ ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
