On Fri, 2008-07-04 at 15:15 +0100, Frederic Heem wrote:
> Hi,
> There are many memory leaks which can be considered as security 
> vulnerabilities. Anyone with little knowledge can make axis2c run out of 
> memory which leads to a denial of service.

In a typical production environment Axis2/C runs with Apache. Since we
are releasing the request pool after each request, even if there are
per-request leaks these will not cause DoS attacks. This does not mean we
shouldn't fix them, but they will not affect any production usage of
Axis2/C. If Axis2/C leaks memory to the Apache global pool then we need to
consider those seriously. So can you point us to those types of leaks?

BTW we do not guarantee axis2_simple_http_server is safe against DoS
attacks. It is there for testing purposes.

> Will they be fixed for the new release?

I think most of the memory leaks are fixed in the new release. You can
test the RC and report if there are any.

> Best Regards,
> Frederic Heem
> 
>  Supun Kamburugamuva wrote:
> > Hi All,
> >
> > I have packed and uploaded Apache Axis2/C 1.5.0 RC1 here [1]. Please 
> > test and send your feedback.
> >
> > [1] http://people.apache.org/~supun/release_1_5/rc1/
> >
> > Thanks,
> > Supun.. 
> 


---------------------------------------------------------------------
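The distinction drawn in the reply above, between per-request leaks that disappear when the request pool is released and leaks into a long-lived global pool, as an added example that is not part of the original thread or of Axis2/C. The pool is a toy stand-in for an APR-style pool; the names `pool_t`, `pool_alloc`, `pool_clear`, `handle_request`, `serve` and the allocation sizes are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy pool (hypothetical, not the APR API): each allocation is linked to
   its pool and is only freed when the whole pool is cleared. */
typedef struct block { struct block *next; } block_t;
typedef struct { block_t *head; size_t live_bytes; } pool_t;

static void *pool_alloc(pool_t *p, size_t n) {
    block_t *b = malloc(sizeof *b + n);
    if (!b) abort();
    b->next = p->head;
    p->head = b;
    p->live_bytes += n;
    return b + 1;                      /* payload follows the link header */
}

static void pool_clear(pool_t *p) {
    while (p->head) { block_t *b = p->head; p->head = b->next; free(b); }
    p->live_bytes = 0;
}

/* Constructed handler that never frees what it allocates. */
static void handle_request(pool_t *req, pool_t *global, int leak_to_global) {
    (void)pool_alloc(req, 4096);       /* per-request leak */
    if (leak_to_global)
        (void)pool_alloc(global, 64);  /* outlives the request */
}

/* Serve n requests; return the bytes still held by the global pool. */
size_t serve(int n, int leak_to_global, size_t *peak_request_bytes) {
    pool_t global = {NULL, 0};
    size_t peak = 0;
    for (int i = 0; i < n; i++) {
        pool_t req = {NULL, 0};
        handle_request(&req, &global, leak_to_global);
        if (req.live_bytes > peak) peak = req.live_bytes;
        pool_clear(&req);              /* server releases the request pool */
    }
    size_t held = global.live_bytes;
    *peak_request_bytes = peak;
    pool_clear(&global);               /* only happens at process shutdown */
    return held;
}

int main(void) {
    size_t peak;
    printf("request-pool leaks only: %zu bytes retained\n", serve(1000, 0, &peak));
    printf("global-pool leak:        %zu bytes retained\n", serve(1000, 1, &peak));
    return 0;
}
```

Retained memory stays flat in the first case and grows linearly with request count in the second, which is why the global-pool leaks are the ones worth reporting against the RC.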