karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Achim Nierbeck (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (KARAF-5423) Karaf is flagged as vulnerable to CVE-2015-5262
Date Fri, 13 Oct 2017 21:19:00 GMT

     [ https://issues.apache.org/jira/browse/KARAF-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Achim Nierbeck updated KARAF-5423:
----------------------------------
    Fix Version/s: 4.1.3

> Karaf is flagged as vulnerable to CVE-2015-5262
> -----------------------------------------------
>
>                 Key: KARAF-5423
>                 URL: https://issues.apache.org/jira/browse/KARAF-5423
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.1.2
>            Reporter: Fabian Lange
>            Assignee: Achim Nierbeck
>             Fix For: 4.2.0, 4.1.3
>
>
> Pax Url up to the current 2.5.2 include apache httpclient 4.3.5 which is flagged vulnerable
to CVE-2015-5262.
> I already provided a patch upstream https://ops4j1.jira.com/projects/PAXURL/issues/PAXURL-345?filter=allopenissues
> in https://github.com/ops4j/org.ops4j.pax.url/commit/6f938ab159c606c45ec293c116aad41b6cf62510
> but it would require a pax-url release first followed by a dependency upgrade in karaf.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message