[GERONIMO-5387] Update the spring framework to fix Spring framework CVE-2010-1622 vulnerability. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.1.5, 2.2
Fix Version/s: 2.1.6, 2.2.1
Component/s: general
Security Level: public (Regular issues)
Labels:
None

Description

The Spring framework used by the Apache Geronimo server has a critical security vulnerability that can allow injection of malicious code into the a web application. Details of the vulnerability can be found here:

http://www.securityfocus.com/archive/1/511877/30/0/threaded

There are no known locations in the Geronimo server where this vulnerability can be exploited, but any applications built using the included spring framework libraries can be a risk. This will update Spring version to the 2.5.6.SEC02 level.

Attachments

Activity

People

Assignee:: Richard McGuire

Reporter:: Richard McGuire

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 22/Jun/10 10:41

Updated:: 22/Sep/10 14:46

Resolved:: 22/Sep/10 14:46