Important Security Hot Fix
--------------------------

Applies to: Carbon 1.5 & 1.5.1

Download hot fix: http://wso2.org/downloads/carbon/security_hot_fix

This fixes the security issue described in https://issues.apache.org/jira/browse/AXIS2-4279

In summary, any file within an Axis2 AAR's META-INF directory could be viewed by navigating to the http://<ip>:<port>/services/<service-name>?xsd=<filename> URL.

e.g. http://localhost:9763/service/HelloService?xsd=services.xml will reveal the services.xml descriptor to outsiders if this patch is not applied.

How to Apply the Patch
----------------------
0. Stop the Carbon instance
1. Copy the wso2carbon-core-1.5.1.jar to $CARBON_HOME/webapps/ROOT/WEB-INF/patches
2. Delete directory $CARBON_HOME/lib/tomcat/work
3. Restart the Carbon instance

Reverting the Patch
--------------------
In case you need to revert this patch, please do the following:

0. Stop the Carbon instance
1. Delete $CARBON_HOME/webapps/ROOT/WEB-INF/patches/wso2carbon-core-1.5.1.jar
2. Delete directory $CARBON_HOME/lib/tomcat/work
3. Restart the Carbon instance
_______________________________________________
Esb-java-dev mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
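Added example (not part of the original announcement or of WSO2's own tooling): a post-patch check that requests ?xsd=services.xml using the URL pattern given above and reports whether the response still looks like the services.xml descriptor. It assumes the descriptor's root element is <service> or <serviceGroup>; the function names, base URL argument and sample bodies are constructed for illustration.

```shell
#!/bin/sh
# Post-patch verification for the ?xsd=<filename> META-INF disclosure.
# Usage: sh check_xsd.sh http://localhost:9763 HelloService

# classify_xsd_response BODY
# Prints "exposed" when BODY contains an unprefixed <service> or
# <serviceGroup> element (assumed shape of an Axis2 services.xml),
# otherwise "not-exposed". Prefixed elements such as <wsdl:service> or
# <xs:schema> do not match, so a genuine schema is not flagged.
classify_xsd_response() {
    if printf '%s' "$1" | grep -Eq '<(serviceGroup|service)[[:space:]/>]'; then
        echo exposed
    else
        echo not-exposed
    fi
}

# check_instance BASE_URL SERVICE_NAME
# Returns 0 when the descriptor is not served, 1 when it is,
# 2 when the instance could not be reached.
check_instance() {
    url="$1/services/$2?xsd=services.xml"
    body=$(curl -s --max-time 10 "$url") || {
        echo "request failed: $url" >&2
        return 2
    }
    verdict=$(classify_xsd_response "$body")
    echo "$url: $verdict"
    [ "$verdict" = "not-exposed" ]
}

# Run only when both arguments are supplied, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    check_instance "$1" "$2"
fi
```

Run it once per deployed service after step 3, and again after a revert if you need to confirm the instance is back in its unpatched state.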
