[jira] [Updated] (KARAF-5423) Karaf is flagged as vulnerable to CVE-2015-5262

2017-10-13 Thread Achim Nierbeck (JIRA)

 [ 
https://issues.apache.org/jira/browse/KARAF-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Achim Nierbeck updated KARAF-5423:
--
Fix Version/s: 4.1.3

> Karaf is flagged as vulnerable to CVE-2015-5262
> ---
>
> Key: KARAF-5423
> URL: https://issues.apache.org/jira/browse/KARAF-5423
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.1.2
> Reporter: Fabian Lange
> Assignee: Achim Nierbeck
> Fix For: 4.2.0, 4.1.3
>
>
> Pax Url up to the current 2.5.2 includes apache httpclient 4.3.5 which is
> flagged vulnerable to CVE-2015-5262.
> I already provided a patch upstream
> https://ops4j1.jira.com/projects/PAXURL/issues/PAXURL-345?filter=allopenissues
> in
> https://github.com/ops4j/org.ops4j.pax.url/commit/6f938ab159c606c45ec293c116aad41b6cf62510
> but it would require a pax-url release first followed by a dependency upgrade
> in Karaf.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Updated] (KARAF-5423) Karaf is flagged as vulnerable to CVE-2015-5262

2017-10-13 Thread Achim Nierbeck (JIRA)

 [ 
https://issues.apache.org/jira/browse/KARAF-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Achim Nierbeck updated KARAF-5423:
--
Fix Version/s: 4.2.0

> Karaf is flagged as vulnerable to CVE-2015-5262
> ---
>
> Key: KARAF-5423
> URL: https://issues.apache.org/jira/browse/KARAF-5423
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.1.2
> Reporter: Fabian Lange
> Assignee: Achim Nierbeck
> Fix For: 4.2.0
>
>
> Pax Url up to the current 2.5.2 includes apache httpclient 4.3.5 which is
> flagged vulnerable to CVE-2015-5262.
> I already provided a patch upstream
> https://ops4j1.jira.com/projects/PAXURL/issues/PAXURL-345?filter=allopenissues
> in
> https://github.com/ops4j/org.ops4j.pax.url/commit/6f938ab159c606c45ec293c116aad41b6cf62510
> but it would require a pax-url release first followed by a dependency upgrade
> in Karaf.


