[prev in list] [next in list] [prev in thread] [next in thread]
List: rampart-dev
Subject: [jira] [Commented] (AXIS2-5930) CVE issues with dependency jars of axis2
From: "Raghavi (JIRA)" <jira () apache ! org>
Date: 2018-11-09 10:54:00
Message-ID: JIRA.13182052.1535612483000.312547.1541760840158 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/AXIS2-5930?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=16681250#comment-16681250 ]
Raghavi commented on AXIS2-5930:
--------------------------------
Hi,
Could you please give the information about by when the Apache Axis2 1.7.9 will be \
released ??
Thanks and Regards,
Raghavi G. Kamat
> CVE issues with dependency jars of axis2
> ----------------------------------------
>
> Key: AXIS2-5930
> URL: https://issues.apache.org/jira/browse/AXIS2-5930
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.7.8
> Reporter: tanishq pruthi
> Priority: Major
> Fix For: 1.7.9
>
>
> The dependent jars in axis 2 package are not updated to latest version
> Due to which, some of the jars contains vulnerabilities . Some of them are below
> [mex-1.7.6-impl.jar|#l203_99ee5f563d035e3904894ea89c4550bb71ddf34b]
> [axis2-kernel-1.7.6.jar|#l245_aa2e05c5dc080f7089072d17acfb9b1a50d8bda9]
> [tribes-6.0.16.jar|#l321_50b300ff415ef0cf3af4f14ec03131cdcb019efa]
> Dependency check tool is giving the following CVE in these jar
> *[CVE-2012-5351|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5351]*
> *[CVE-2012-4418|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4418]* ** \
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic