[jira] [Commented] (OFBIZ-9174) Update Groovy to 2.4.8 version [CVE-2016-6814]

Pierre Smits (JIRA) Thu, 03 Jan 2019 07:47:54 -0800


    [ 
https://issues.apache.org/jira/browse/OFBIZ-9174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16733160#comment-16733160
 ]


Pierre Smits commented on OFBIZ-9174:
-------------------------------------

Is this still an issue? See OFBIZ-10672

> Update Groovy to 2.4.8 version [CVE-2016-6814]
> ----------------------------------------------
>
>                 Key: OFBIZ-9174
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9174
>             Project: OFBiz
>          Issue Type: Task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Priority: Major
>              Labels: cve
>             Fix For: 17.12.01
>
>
> [CVE-2016-6814] Apache Groovy Information Disclosure
> See https://www.mail-archive.com/[email protected]/msg03641.html
> There is a security issue but OFBiz OOTB should not be concerned since it's 
> an issue related with deserialisation and we don't use such in OFBiz OOTB. 
> Better to update for users though, not sure if we should backport since we 
> have nothing to fix...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OFBIZ-9174) Update Groovy to 2.4.8 version [CVE-2016-6814]

Reply via email to