> I think that version 2.3 is also 'vulnerable'. > The readLine() method in org.apache.james.util.CRLFTerminatedReader > does not check for a maximum number of characters read
It does now. :-) Please see the change I just committed to trunk. If
everyone agrees, we should also commit it to the release branch.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
