Thanks, that's what I thought. We will make the move to upgrade to 4.7.1 from 4.6.
On Wed, Aug 19, 2015 at 8:27 AM, Christofer Dutz <[email protected]> wrote: > Hi Andrew, > > Well as 4.7.0 was the parity-release to 4.6.0 and we didn't really change > any functionality since the donation prior to 4.7.0, I would bet on it. To > me it looked as if this issue must have been sitting there since the dawn > of time. But we explicitly didn't want to mention Adobe BlazeDS in our > announcement. > > Chris > > ________________________________________ > Von: Tom Chiverton <[email protected]> > Gesendet: Mittwoch, 19. August 2015 14:13 > An: [email protected] > Betreff: Re: CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity > Expansion Vulnerability > > On 19/08/15 13:07, Andrew Kerr wrote: > > Does anyone know if this affects the older Adobe BlazeDS 4.6.0? > > You'd need to check with Adobe. > > They published an advisor today on the topic : > http://blogs.adobe.com/psirt/?p=1259 > but it only mentions LiveCycle DS. > > Tom > -- Andrew Kerr
