[
https://issues.apache.org/jira/browse/OFBIZ-9174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-9174.
----------------------------------
Resolution: Not A Problem
Assignee: Jacques Le Roux
Fix Version/s: (was: 17.12.01)
Ah got it, you mean OFBIZ-10762, closing indeed, thanks
> Update Groovy to 2.4.8 version [CVE-2016-6814]
> ----------------------------------------------
>
> Key: OFBIZ-9174
> URL:
https://issues.apache.org/jira/browse/OFBIZ-9174> Project: OFBiz
> Issue Type: Task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Labels: cve
>
> [CVE-2016-6814] Apache Groovy Information Disclosure
> See
https://www.mail-archive.com/announce@.../msg03641.html> There is a security issue but OFBiz OOTB should not be concerned since it's an issue related with deserialisation and we don't use such in OFBiz OOTB. Better to update for users though, not sure if we should backport since we have nothing to fix...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
