Hi We got 2016 number, not sure where 2015 one comes from but didnt go through security process - or was before we tackled it? any other pmc saw it?
If didnt went through security@ no reason to mention it. Le 4 avr. 2016 22:57, "Robert Panzer" <rpan...@tomitribe.com> a écrit : > Hi, > > the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4 > and 7.0.0-M3. > This seems to be a duplicate of CVE-2015-8581. > > Therefore this vulnerability should also be documented as resolved. > > I opened a ticket and attached a patch that adds a mention of > CVE-2015-8581 next to CVE-2016-0779. > > Would be nice if somebody could review it. > > Cheers > Robert