Hi, I am trying to patch GWT 2.4.0 version for CVE-2012-5920. But I could not locate the commit from the github. Does anyone know the commit id for the CVE-2012-5920. The release note states that I need to upgrade to 2.5GA. How do we know CVE-2012-5920 fix is included?
Thanks Release Notes for 2.5.0 This release includes some minor bug fixes found in the release candidate. See What’s New in GWT 2.5 <http://www.gwtproject.org/doc/latest/ReleaseNotes.html> plus the release notes for 2.5.0 (RC1) <http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_0_RC1> and 2.5.0 (RC2) <http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_0_RC2> for the full list of features and bugs fixes included in the GWT 2.5.0 release. Security vulnerability from 2.4 to 2.5 Final The GWT team recently learned that the Security vulnerability discovered in the 2.4 Beta and Release Candidate releases was only partially fixed in the 2.4 GA release. A more complete fix was added to the 2.5 GA release. *If you have an app that’s been built with GWT 2.4 or one of the 2.5 RCs, then you’ll need to get the latest 2.5 release, recompile your app, and redeploy.* -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/73c58913-2c28-4099-90d9-1479c9d0f443n%40googlegroups.com.
