flex-users mailing list archives

From Andrew Kerr <ak...@fluid.com>
Subject Re: CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
Date Wed, 19 Aug 2015 13:05:02 GMT
Thanks, that's what I thought. We will make the move to upgrade to 4.7.1
from 4.6.

On Wed, Aug 19, 2015 at 8:27 AM, Christofer Dutz <christofer.dutz@c-ware.de>
wrote:

> Hi Andrew,
>
> Well, as 4.7.0 was the parity-release to 4.6.0 and we didn't really change
> any functionality since the donation prior to 4.7.0, I would bet on it. To
> me it looked as if this issue must have been sitting there since the dawn
> of time. But we explicitly didn't want to mention Adobe BlazeDS in our
> announcement.
>
> Chris
>
> ________________________________________
> From: Tom Chiverton <tc@extravision.com>
> Sent: Wednesday, 19 August 2015 14:13
> To: users@flex.apache.org
> Subject: Re: CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity
> Expansion Vulnerability
>
> On 19/08/15 13:07, Andrew Kerr wrote:
> > Does anyone know if this affects the older Adobe BlazeDS 4.6.0?
>
> You'd need to check with Adobe.
>
> They published an advisory today on the topic:
> http://blogs.adobe.com/psirt/?p=1259
> but it only mentions LiveCycle DS.
>
> Tom
>



-- 
Andrew Kerr
