Bug 1247859

Summary: (6.4.x) Upgrade spring dependency to mitigate security issues in spring
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Panagiotis Sotiropoulos <psotirop>
Component: RESTEasy
Assignee: Panagiotis Sotiropoulos <psotirop>
Status: CLOSED WONTFIX
QA Contact: Katerina Odabasi <kanovotn>
Severity: unspecified
Priority: unspecified
Version: unspecified
CC: bmaxwell, cdewolf, weli
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2017-02-20 20:18:00 UTC
Type: Bug

Description Panagiotis Sotiropoulos 2015-07-29 06:11:29 UTC
The 2.3 branch includes a dependency on Spring 3.0.3:

https://github.com/resteasy/Resteasy/blob/Branch_2_3/resteasy-spring/pom.xml#L64

This should be updated from 3.0.3 to >= 3.0.6 to avoid known security flaws:

http://support.springsource.com/security/cve-2011-2894

Comment 2 Panagiotis Sotiropoulos 2015-07-29 07:34:22 UTC
https://github.com/resteasy/Resteasy/pull/657

Comment 4 Mike McCune 2016-03-28 23:23:30 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation; please see mmccune with any questions.

Comment 5 JBoss JIRA Server 2016-03-29 03:53:26 UTC
Weinan Li <weli> updated the status of jira RESTEASY-830 to Resolved