Re: Security issue with libspring-java #720902

2013-12-05 Thread Markus Koschany
Hi Stephen

On 04.12.2013 22:22, Stephen Nelson wrote:
[...]
> I think it would be a pragmatic solution to backport the fix into the
> current codebase as it should clear the grave bug and shouldn't impact
> the r-deps.

Agreed. I created a new branch "stable-security" and backported the patch to t

Re: Security issue with libspring-java #720902

2013-12-04 Thread Stephen Nelson
On Wed, Dec 4, 2013 at 2:08 PM, Markus Koschany wrote:
> Hi all,
>
> while I was working on libjackson-json-java and Co., I saw that
> libspring-java is currently affected by a potential security
> vulnerability, an XML External Entity (XXE) Injection in the Spring
> Framework.
>
> The security adv

Security issue with libspring-java #720902

2013-12-04 Thread Markus Koschany
Hi all,

while I was working on libjackson-json-java and Co., I saw that libspring-java is currently affected by a potential security vulnerability, an XML External Entity (XXE) Injection in the Spring Framework.

The security advisory recommends that all users of version 3.x should upgrade to 3.2.4