[
https://issues.apache.org/jira/browse/AXIS2-5917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16497984#comment-16497984
]
robert lazarski commented on AXIS2-5917:
----------------------------------------
There was a Geronimo Application Server project however development stopped
years ago. Keep that in mind when looking at Geronimo CVE's.
Separately, Geronimo continues to provide implementations of Java specs and
Axis2 distributes the following jars. I see no related issues on these in the
link provided.
./axis2-1.7.8/lib/geronimo-ws-metadata_2.0_spec-1.1.2.jar
./axis2-1.7.8/lib/geronimo-jta_1.1_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-stax-api_1.0_spec-1.0.1.jar
./axis2-1.7.8/lib/endorsed/geronimo-jaxws_2.2_spec-1.0.jar
./axis2-1.7.8/lib/endorsed/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-annotation_1.0_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-jaxws_2.2_spec-1.0.jar
> Vulnerabilities found in Axis2 with the use of Geronimo
> -------------------------------------------------------
>
> Key: AXIS2-5917
> URL: https://issues.apache.org/jira/browse/AXIS2-5917
> Project: Axis2
> Issue Type: Bug
> Reporter: David Moriconi
> Priority: Major
>
> Axis2 use a version of Geronimo library that contains multiple
> vulnerabilities. ([https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=geronimo)]
> There is a latest version of Geronimo that addresses some of these
> vulnerabilities which is not included in the latest version of Axis2 (1.7.8)
> Can you please advise us about this. Are the vulnerabilities exposed in
> Axis2. If so, how can we address them.
> Thank you
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
