Tags: security upstream fixed-upstream
the following vulnerability was published for jackrabbit.
CSRF in Jackrabbit-Webdav using empty content-type
For the 2.12.x this has been fixed upstream in 2.12.3, cf. , and
there are patches for older branches as well.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Secure-testing-team mailing list