Uploaded image for project: 'Geronimo'
  1. Geronimo
  2. GERONIMO-5387

Update the spring framework to fix Spring framework CVE-2010-1622 vulnerability.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1.5, 2.2
    • Fix Version/s: 2.1.6, 2.2.1
    • Component/s: general
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      The Spring framework used by the Apache Geronimo server has a critical security vulnerability that can allow injection of malicious code into the a web application. Details of the vulnerability can be found here:

      http://www.securityfocus.com/archive/1/511877/30/0/threaded

      There are no known locations in the Geronimo server where this vulnerability can be exploited, but any applications built using the included spring framework libraries can be a risk. This will update Spring version to the 2.5.6.SEC02 level.

        Attachments

          Activity

            People

            • Assignee:
              rickmcguire Richard McGuire
              Reporter:
              rickmcguire Richard McGuire
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: