Hi,

I know ATS 5.3.2 may be at end of support, but it would be much appreciated if 
someone could say whether 5.3.2 is affected by CVE-2017-5659.

Currently we are still using 5.3.2 in production, and want to evaluate how to 
backport CVE-2017-5659 to 5.3.2 ourselves.

However, it looks like the code base is quite different. If my understanding is 
right, the fix is actually introduced in TS-4507 by PR #787. And it seems like 
a regression from TS-3612, but I am not quite sure about this. If it is truly a 
regression from TS-3612, does this mean 5.3.2 is not affected?

BTW, we could not reproduce this issue with the test tool attached at 
https://issues.apache.org/jira/secure/attachment/12827263/test_post.py . Would 
someone kindly provide some suggestions on how to reproduce this issue 
using this tool? Are there any configuration preconditions?

Thanks in advance!


Thanks,
Zhilin

