Karaf / KARAF-5423

Karaf is flagged as vulnerable to CVE-2015-5262

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.1.2
    • Fix Version/s: 4.1.3, 4.2.0.M1
    • Component/s: None
    • Labels: None

      Description

      Pax Url up to the current 2.5.2 includes Apache HttpClient 4.3.5, which is flagged as vulnerable to CVE-2015-5262.

      I already provided a patch upstream (https://ops4j1.jira.com/projects/PAXURL/issues/PAXURL-345?filter=allopenissues)
      in https://github.com/ops4j/org.ops4j.pax.url/commit/6f938ab159c606c45ec293c116aad41b6cf62510,
      but it would require a pax-url release first, followed by a dependency upgrade in Karaf.

            People

            • Assignee: Achim Nierbeck (achim_nierbeck)
            • Reporter: Fabian Lange (fabianlange)