Source: jackrabbit
Version: 2.3.6-1
Severity: important
Tags: security upstream fixed-upstream


the following vulnerability was published for jackrabbit.

CSRF in Jackrabbit-Webdav using empty content-type

For the 2.12.x this has been fixed upstream in 2.12.3, cf. [1], and
there are patches for older branches as well.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:



This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to