Hi Andrew, Well as 4.7.0 was the parity-release to 4.6.0 and we didn't really change any functionality since the donation prior to 4.7.0, I would bet on it. To me it looked as if this issue must have been sitting there since the dawn of time. But we explicitly didn't want to mention Adobe BlazeDS in our announcement.
Chris ________________________________________ Von: Tom Chiverton <[email protected]> Gesendet: Mittwoch, 19. August 2015 14:13 An: [email protected] Betreff: Re: CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability On 19/08/15 13:07, Andrew Kerr wrote: > Does anyone know if this affects the older Adobe BlazeDS 4.6.0? You'd need to check with Adobe. They published an advisor today on the topic : http://blogs.adobe.com/psirt/?p=1259 but it only mentions LiveCycle DS. Tom
