Sean Mullan wrote on 2009-07-14:
> I have just putback a fix for this vulnerability to the source code
> repository. This patch will be included in the (Java) version 1.4.3
> release. Because of the potential severity of this issue, we are
> planning an expedited release process for 1.4.3. I plan to make
> available a jar for testing later today and a more complete release
> candidate binary tomorrow. If no issues are found then we will call for
> a vote later this week and work towards making a final version available
> early next week.

A C++ fix is also now checked in. I can generate a tarball if anybody's going to actually test it, otherwise I'll probably look at a couple of other bug reports and plan to release 1.5.1 along the same timeframe.

-- Scott