cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Jira for security advisory
Date Thu, 19 Aug 2010 18:51:20 GMT
On Thursday 19 August 2010 2:20:58 pm Seumas Soltysik wrote:
> Is there any jira for the security advisory decribed here:
> http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf I am
> looking for the patch that was applied to fix this issue.
> 
> I have a branch of the 2.1.x line that does not contain the security fix
> and I am looking to patch this branch.

We didn't open a JIRA as it was fixed long before we could make it public.   
Filing a JIRA would have made it public before we were ready.

In anycase, the commit was:


r948131 | dkulp | 2010-05-25 13:52:01 -0400 (Tue, 25 May 2010) | 1 line

Turn off DTD and Entity expansion stuff in the XMLStreamReaders




-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
View raw message