OFBiz OFBiz - Notifications

[jira] [Created] (OFBIZ-9174) Update Groovy to 2.4.8 version [CVE-2016-6814]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (OFBIZ-9174) Update Groovy to 2.4.8 version [CVE-2016-6814]

Nicolas Malin (Jira)
Jacques Le Roux created OFBIZ-9174:
--------------------------------------

             Summary: Update Groovy to 2.4.8 version [CVE-2016-6814]
                 Key: OFBIZ-9174
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9174
             Project: OFBiz
          Issue Type: Task
          Components: framework
    Affects Versions: Trunk
            Reporter: Jacques Le Roux
             Fix For: Upcoming Release


[CVE-2016-6814] Apache Groovy Information Disclosure

See https://www.mail-archive.com/announce@.../msg03641.html

There is a security issue but OFBiz OOTB should not be concerned since it's an issue related with deserialisation and we don't use such in OFBiz OOTB. Better to update for users though, not sure if we should backport since we have nothing to fix...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Free forum by Nabble Edit this page