[
https://issues.apache.org/jira/browse/OFBIZ-9174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16733244#comment-16733244 ]
Jacques Le Roux commented on OFBIZ-9174:
----------------------------------------
How could both relate?
> Update Groovy to 2.4.8 version [CVE-2016-6814]
> ----------------------------------------------
>
> Key: OFBIZ-9174
> URL:
https://issues.apache.org/jira/browse/OFBIZ-9174> Project: OFBiz
> Issue Type: Task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Priority: Major
> Labels: cve
> Fix For: 17.12.01
>
>
> [CVE-2016-6814] Apache Groovy Information Disclosure
> See
https://www.mail-archive.com/announce@.../msg03641.html> There is a security issue but OFBiz OOTB should not be concerned since it's an issue related with deserialisation and we don't use such in OFBiz OOTB. Better to update for users though, not sure if we should backport since we have nothing to fix...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
