'[jira] [Commented] (AXIS2-5917) Vulnerabilities found in Axis2 with the use of Geronimo'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       axis-user-ja
Subject:    [jira] [Commented] (AXIS2-5917) Vulnerabilities found in Axis2 with the use of Geronimo
From:       "robert lazarski (JIRA)" <jira () apache ! org>
Date:       2018-06-01 13:30:00
Message-ID: JIRA.13163415.1527854263000.81876.1527859800253 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/AXIS2-5917?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=16497984#comment-16497984 ] 

robert lazarski commented on AXIS2-5917:
----------------------------------------

There was a Geronimo Application Server project however development stopped years \
ago. Keep that in mind when looking at Geronimo CVE's.

Separately, Geronimo continues to provide implementations of Java specs and Axis2 \
distributes the following jars. I see no related issues on these in the link \
provided.

./axis2-1.7.8/lib/geronimo-ws-metadata_2.0_spec-1.1.2.jar
./axis2-1.7.8/lib/geronimo-jta_1.1_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-stax-api_1.0_spec-1.0.1.jar
./axis2-1.7.8/lib/endorsed/geronimo-jaxws_2.2_spec-1.0.jar
./axis2-1.7.8/lib/endorsed/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-annotation_1.0_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-jaxws_2.2_spec-1.0.jar

  

  

> Vulnerabilities found in Axis2 with the use of Geronimo
> -------------------------------------------------------
> 
> Key: AXIS2-5917
> URL: https://issues.apache.org/jira/browse/AXIS2-5917
> Project: Axis2
> Issue Type: Bug
> Reporter: David Moriconi
> Priority: Major
> 
> Axis2 use a version of Geronimo library that contains multiple vulnerabilities. \
> ([https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=geronimo)] There is a latest \
> version of Geronimo that addresses some of these vulnerabilities which is not \
> included in the latest version of Axis2 (1.7.8) Can you please advise us about \
> this. Are the vulnerabilities exposed in Axis2. If so, how can we address them. \
> Thank you



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic