www-announce mailing list archives

From "Vishwas Babu (Apache)" <vishwasb...@apache.org>
Subject [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0
Date Wed, 16 Oct 2019 06:25:57 GMT
Hello,

The Apache Fineract project would like to hereby disclose that our 1.3.0
release includes a fix for CVE-2016-4977: A known vulnerability in Spring
Security upstream dependencies allowed malicious users to trigger remote code
execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of
the upstream CVE.

We would like to thank Roberto (extranewbugs@gmail.com) for reporting
this issue and the Apache Security team for their assistance.

Additional details at
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report.

Regards,
Vishwas
