Bug 1247859 - (6.4.x) Upgrade spring dependency to mitigate security issues in spring
Status: CLOSED WONTFIX
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: RESTEasy
Assigned To: Panagiotis Sotiropoulos
Katerina Novotna
Reported: 2015-07-29 02:11 EDT by Panagiotis Sotiropoulos
Modified: 2017-02-20 15:18 EST
Doc Type: Bug Fix
Last Closed: 2017-02-20 15:18:00 EST
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker RESTEASY-830 Critical Resolved Upgrade spring dependency to mitigate security issues in spring 2017-02-20 15:17 EST

Description Panagiotis Sotiropoulos 2015-07-29 02:11:29 EDT
The 2.3 branch includes a dependency on Spring 3.0.3:

https://github.com/resteasy/Resteasy/blob/Branch_2_3/resteasy-spring/pom.xml#L64

This should be updated from 3.0.3 to >= 3.0.6 to avoid known security flaws:

http://support.springsource.com/security/cve-2011-2894
Comment 2 Panagiotis Sotiropoulos 2015-07-29 03:34:22 EDT
https://github.com/resteasy/Resteasy/pull/657
Comment 4 Mike McCune 2016-03-28 19:23:30 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation. Please see mmccune@redhat.com with any questions.
Comment 5 JBoss JIRA Server 2016-03-28 23:53:26 EDT
Weinan Li <weli@redhat.com> updated the status of jira RESTEASY-830 to Resolved
