Hi JB,
For SMX 3.4 snapshot we already use spring 3.0.5.RELEASE so it should
already include the fix for the security vulnerability.
Freeman
On 2011-9-23, at 下午7:33, Jean-Baptiste Onofré wrote:
Hi Diwakar,
replacing the spring jars in the lib folder (and in the shared)
should be OK.
I will raise a Jira to include it in SMX 3.4.
Regards
JB
On 09/23/2011 10:21 AM, diwakar wrote:
Hi,
We are using servicemix 3.3.2. This version uses Spring
framework
2.5.6. Now there is a new version of Spring fremework 2.5.6.SEC03
with the
fix for the security vulnerability.
http://www.springsource.com/security/cve-2011-2730.
The jars are located in:
./apache-servicemix-3.3.2/lib/spring-core-2.5.6.jar
./data/smx/sharedlibs/servicemix-shared/version_1/lib/spring-
core-2.5.6.jar
Will servicemix deliver a new version with the fix?
Till then is it fine if we replace the jars manually in our
installations in servicemix-shared and lib folder?
Please let us know your comment.
With Best Regards,
Diwakar
--
View this message in context:
http://servicemix.396122.n5.nabble.com/CVE-2011-2730-Spring-Framework-information-disclosure-tp4832786p4832786.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------
Freeman Fang
FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
