[jira] [Closed] (OFBIZ-9174) Update Groovy to 2.4.8 version [CVE-2016-6814]

Jacques Le Roux (JIRA) Thu, 03 Jan 2019 09:19:08 -0800


     [ 
https://issues.apache.org/jira/browse/OFBIZ-9174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jacques Le Roux closed OFBIZ-9174.
----------------------------------
       Resolution: Not A Problem
         Assignee: Jacques Le Roux
    Fix Version/s:     (was: 17.12.01)

Ah got it, you mean OFBIZ-10762, closing indeed, thanks

> Update Groovy to 2.4.8 version [CVE-2016-6814]
> ----------------------------------------------
>
>                 Key: OFBIZ-9174
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9174
>             Project: OFBiz
>          Issue Type: Task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>              Labels: cve
>
> [CVE-2016-6814] Apache Groovy Information Disclosure
> See https://www.mail-archive.com/[email protected]/msg03641.html
> There is a security issue but OFBiz OOTB should not be concerned since it's 
> an issue related with deserialisation and we don't use such in OFBiz OOTB. 
> Better to update for users though, not sure if we should backport since we 
> have nothing to fix...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Closed] (OFBIZ-9174) Update Groovy to 2.4.8 version [CVE-2016-6814]

Reply via email to