Good news :) Regards Hervé
On 2/1/12, Jean-Baptiste Onofré <[email protected]> wrote: > Hi Hervé > > Agree, and Jetty is used in Karaf/Pax Web/ServiceMix 3 and 4. > > However, the Jetty versions that we ship are not affected (6.1.26 or 7.5.4). > > Regards > JB > > On 02/01/2012 10:08 AM, Hervé BARRAULT wrote: >> Hi, >> I would say the vulnerability will be in jetty bundle not Geronimo >> (6.1.XX is included) >> >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4461 >> >> Regards >> >> On 1/31/12, Jean-Baptiste Onofré<[email protected]> wrote: >>> Ohh sorry Diwakar, you talk about ServiceMix 3.x. >>> >>> Regarding ServiceMix 3.x and my previous e-mail, ServiceMix 3 uses the >>> same Geronimo components as ServiceMix components. >>> >>> Regards >>> JB >>> >>> On 01/31/2012 02:21 PM, diwakar wrote: >>>> Hi, >>>> >>>> >> ServiceMix embeds some Specs provided by Geronimo >>>> If it is only specs, can we ignore this particular security >>>> vulnerability from Servicemix pov. >>>> >>>> With Best Regards, >>>> Diwakar >>>> >>>> >>>> -- >>>> View this message in context: >>>> http://servicemix.396122.n5.nabble.com/Servicemix-3-x-Geronimo-Dependency-CVE-2011-5034-tp5443711p5444514.html >>>> Sent from the ServiceMix - User mailing list archive at Nabble.com. >>> >>> -- >>> Jean-Baptiste Onofré >>> [email protected] >>> http://blog.nanthrax.net >>> Talend - http://www.talend.com >>> > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://www.talend.com >
