camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: [VOTE] Release Camel 2.14.1
Date Mon, 02 Mar 2015 07:26:43 GMT
On Mon, Mar 2, 2015 at 8:22 AM, Siano, Stephan <stephan.siano@sap.com> wrote:
> Hi,
>
> The version does still contain the XXE vulnerability for XPath and the XmlConverter (CAMEL-8311
and CAMEL-8312). I think this is about as serious as the issues from CVE-2014-0002 and CVE-2014-0003,
so these two patches should really be in there.
>

Apache has another procedure for security issues, that has to be
properly verified and authorized before actions is taking, and also
has to be discussed in the private before being announced etc.

So if you think there is something about this then please follow the
guides and suggestions from here
http://www.apache.org/security/





> -1 (non binding)
>
> Best regards
> Stephan
>
> -----Original Message-----
> From: Willem Jiang [mailto:willem.jiang@gmail.com]
> Sent: Samstag, 28. Februar 2015 14:29
> To: dev@camel.apache.org
> Subject: [VOTE] Release Camel 2.14.1
>
> This is a vote to release Apache Camel 2.14.2, a patch release coming
> with about 94 issues fixed.
>
> Release notes:
> 2.14.2 https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329070&styleName=Html&projectId=12311211
>
>
> Staging repo:
> 2.14.2 https://repository.apache.org/content/repositories/orgapachecamel-1024
>
>
> Tarballs:
> 2.14.2 https://repository.apache.org/content/repositories/orgapachecamel-1024/org/apache/camel/apache-camel/2.14.2/
>
>
> Tag:
> 2.14.2 https://git-wip-us.apache.org/repos/asf?p=camel.git;a=tag;h=c8ab49cbaa9c5c8ae776176f7703f5d757fd10cd
>
> Please test this release candidate and cast your vote.
> [ ] +1 Release the binary as Apache Camel 2.14.2
> [ ] -1 Veto the release (provide specific comments)
> Vote is open for at least 72 hours.
>
> --
> Willem Jiang
>
> Red Hat, Inc.
> Web: http://www.redhat.com
> Blog: http://willemjiang.blogspot.com (English)
> http://jnn.iteye.com (Chinese)
> Twitter: willemjiang
> Weibo: 姜宁willem
>
>
>



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
hawtio: http://hawt.io/
fabric8: http://fabric8.io/

Mime
View raw message