[
https://issues.apache.org/jira/browse/KARAF-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16204207#comment-16204207
]
ASF subversion and git services commented on KARAF-5423:
--------------------------------------------------------
Commit fc7af0b0ca3cbaa75c01e9e1ff7529586c373b9c in karaf's branch
refs/heads/master from [~achim_nierbeck]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=fc7af0b ]
[KARAF-5423] - Karaf is flagged as vulnerable to CVE-2015-5262
> Karaf is flagged as vulnerable to CVE-2015-5262
> -----------------------------------------------
>
> Key: KARAF-5423
> URL: https://issues.apache.org/jira/browse/KARAF-5423
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.1.2
> Reporter: Fabian Lange
> Assignee: Achim Nierbeck
> Fix For: 4.2.0, 4.1.3
>
>
> Pax Url up to the current 2.5.2 include apache httpclient 4.3.5 which is
> flagged vulnerable to CVE-2015-5262.
> I already provided a patch upstream
> https://ops4j1.jira.com/projects/PAXURL/issues/PAXURL-345?filter=allopenissues
> in
> https://github.com/ops4j/org.ops4j.pax.url/commit/6f938ab159c606c45ec293c116aad41b6cf62510
> but it would require a pax-url release first followed by a dependency upgrade
> in karaf.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
