[ 
https://issues.apache.org/jira/browse/OOZIE-1411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alejandro Abdelnur resolved OOZIE-1411.
---------------------------------------

    Resolution: Invalid

Misread version. The previous patch took OpenJPA to 2.2.2, which is not affected.
                
> upgrade to OpenJPA 2.2.1
> ------------------------
>
>                 Key: OOZIE-1411
>                 URL: https://issues.apache.org/jira/browse/OOZIE-1411
>             Project: Oozie
>          Issue Type: Bug
>          Components: build
>    Affects Versions: trunk
>            Reporter: Alejandro Abdelnur
>
> This just came up in the openjpa alias:
> CVE-2013-1768: Apache OpenJPA security vulnerability
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> OpenJPA 1.0.0 to 1.0.4
> OpenJPA 1.1.0
> OpenJPA 1.3.0
> OpenJPA 1.2.0 to 1.2.2
> OpenJPA 2.0.0 to 2.0.1
> OpenJPA 2.1.0 to 2.1.1
> OpenJPA 2.2.0 to 2.2.1
> Description: Deserialization of a maliciously crafted OpenJPA object can
> result in an executable file being written to the file system. An
> attacker needs to discover an unprotected server program to exploit the
> vulnerability.  It then needs to exploit another unprotected server
> program to execute the file and gain access to the system.  OpenJPA
> usage by itself does not introduce the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
