Hello,
I am trying to follow up on some vulnerabilities in the Spring framework, which
are documented here:
http://support.springsource.com/security/cve-2011-2730
A recent survey of all our running DSpace instances showed a DSpace 1.5.2
instance with Spring 2.5.1 jars included. These are the jars that might be
vulnerable. Can someone tell me if the jars are being used in a way that makes
them vulnerable? There is a later Spring 2.5.x release that fixed the problem;
should we simply replace the existing jars without needing to make any other
changes?
Thanks so much.
- Jim Halliday
- Indiana University
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
