-------- Original Message --------
Subject: Re: JBoss HSQLDB Remote Command Injection Vulnerability: Fixed in JBoss 3.2.2
Date: Thu, 23 Oct 2003 16:10:52 -0600 (MDT)
From: Aaron Adams <[EMAIL PROTECTED]>
To: rarguell uio.satnet.net
References: <[EMAIL PROTECTED]>
Ricardo,
I've made the associated changes to the bid to reflect the information you've given me. If there are any problems please feel free to contact me directly.
Also, if you could inform me when JBoss 3.0.9 has been released to the public, I will again update the BID.
Thank you for the information.
Regards, Aaron Adams
SecurityFocus owners,
The vulnerability:
JBoss HSQLDB Remote Command Injection Vulnerability http://www.securityfocus.com/bid/8773
Has been addressed in the recent JBoss 3.2.2 release.
Here is the related CVS commit: http://sourceforge.net/mailarchive/message.php?msg_id=6153888
The JBoss 3.0.9 release is not yet available, but the CVS 3.0.x version should have the fix also. The fixed 3.0.9 release should be available soon.
Greetings,
Ricardo Argüello
------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user