On 12/6/2017 11:03 PM, upendar devu wrote:
> since the vulnerability is found in the latest
> jackson library. But we are using version 2.7 and not the latest version;
> do you think the issue still exists with version 2.7?
Unfortunately I'm not in detail. You may ask at [1] as a comment
Thank you.
On Wed, Dec 6, 2017 at 2:37 PM, Adam Brin
wrote:
> If you go look at the security declaration and the links into the jackson
> changeset it’ll list what’s been patched. Sorry, not a complete answer, but
> best I can easily give.
>
> --
> ___
If you go look at the security declaration and the links into the jackson
changeset it’ll list what’s been patched. Sorry, not a complete answer, but best
I can easily give.
--
_
Adam Brin
Director of Technology, Digital Antiquity
480.965.1
Thank you for the response. You mentioned that I'm still impacted even
not using REST plugin since the vulnerability is found in the latest
jackson library. But we are using version 2.7 and not the latest version;
do you think the issue still exists with version 2.7?
Thanks
On Wed, Dec
On 12/6/2017 9:40 PM, upendar devu wrote:
> is this impact for those using Struts based REST plugin ?
CVE-2017-15707 [1] is for those using Struts' REST Plugin [2]. Before
2.5.14.1 this plugin uses json-lib library [3] which is not updated for
several years and is vulnerable. After 2.5.14 Stru
CVE-2017-15095 & CVE-2017-7525 - S2-054 & S2-055 have been fixed in the
version 2.5.14.1
We are using struts2 version 2.5.13, not using struts based REST plugin
but using below jackson versions
I'm confused on the problem statements of these 2 CVEs reported, is this
impact for those using Struts