Please delete me. On Thu, 9 Aug 2018 at 11:06, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:
> Le 06/08/2018 à 22:00, Bernhard Donaubauer a écrit : > > Jacques Le Roux <jacques.le.r...@les7arts.com> > <jacques.le.r...@les7arts.com> > > And there are CVEs pending : > > https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html > > Other TLPs might be affected, I guess Archiva has been picked because > being the 1st in alphabetical order... > > > This is a pure in house service so I guess the mentioned vulnerabilities > are not so crucial. I mean if somebody has entered our network and is able > to start an denial of service attack to this service we have much lager > problem than one not responding service. > > Actually we fixed some of these issues in OFBiz: > https://issues.apache.org/jira/browse/OFBIZ-10484 > https://issues.apache.org/jira/browse/OFBIZ-10509 > > We prefer to be safe than sorry. > > Jacques > >
