Hi Claus,

Sorry for that, I have to apologize for the hassle. I couldn't find the reference to that page anywhere on the Camel page (I really looked for a procedure when I opened the JIRA items). I write a mail to the security list.

Best regards
Stephan

-----Original Message-----
From: Claus Ibsen [mailto:claus.ib...@gmail.com]
Sent: Montag, 2. März 2015 08:27
To: dev
Subject: Re: [VOTE] Release Camel 2.14.1

On Mon, Mar 2, 2015 at 8:22 AM, Siano, Stephan <stephan.si...@sap.com> wrote:
> Hi,
>
> The version does still contain the XXE vulnerability for XPath and the
> XmlConverter (CAMEL-8311 and CAMEL-8312). I think this is about as serious as
> the issues from CVE-2014-0002 and CVE-2014-0003, so these two patches should
> really be in there.
>

Apache has another procedure for security issues, that has to be properly verified and authorized before action is taken, and also has to be discussed in private before being announced etc.

So if you think there is something about this then please follow the guides and suggestions from here
http://www.apache.org/security/

> -1 (non binding)
>
> Best regards
> Stephan
>
> -----Original Message-----
> From: Willem Jiang [mailto:willem.ji...@gmail.com]
> Sent: Samstag, 28. Februar 2015 14:29
> To: dev@camel.apache.org
> Subject: [VOTE] Release Camel 2.14.1
>
> This is a vote to release Apache Camel 2.14.2, a patch release coming
> with about 94 issues fixed.
>
> Release notes:
> 2.14.2
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329070&styleName=Html&projectId=12311211
>
> Staging repo:
> 2.14.2 https://repository.apache.org/content/repositories/orgapachecamel-1024
>
> Tarballs:
> 2.14.2
> https://repository.apache.org/content/repositories/orgapachecamel-1024/org/apache/camel/apache-camel/2.14.2/
>
> Tag:
> 2.14.2
> https://git-wip-us.apache.org/repos/asf?p=camel.git;a=tag;h=c8ab49cbaa9c5c8ae776176f7703f5d757fd10cd
>
> Please test this release candidate and cast your vote.
> [ ] +1 Release the binary as Apache Camel 2.14.2
> [ ] -1 Veto the release (provide specific comments)
> Vote is open for at least 72 hours.
>
> --
> Willem Jiang
>
> Red Hat, Inc.
> Web: http://www.redhat.com
> Blog: http://willemjiang.blogspot.com (English)
> http://jnn.iteye.com (Chinese)
> Twitter: willemjiang
> Weibo: 姜宁willem
>

--
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cib...@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
hawtio: http://hawt.io/
fabric8: http://fabric8.io/