Details
Description
The Spring framework used by the Apache Geronimo server has a critical security vulnerability that can allow injection of malicious code into the a web application. Details of the vulnerability can be found here:
http://www.securityfocus.com/archive/1/511877/30/0/threaded
There are no known locations in the Geronimo server where this vulnerability can be exploited, but any applications built using the included spring framework libraries can be a risk. This will update Spring version to the 2.5.6.SEC02 level.