On 2017-10-16 18:08, Jan Kreutzfeld wrote:
I'm referring to this issue: https://www.cvedetails.com/cve/CVE-2015-1832/
Thanks - I don't think that we use that code (worth checking though), so this doesn't appear to be urgent.
As always, we need to get rid of the issue as soon as possible, so we would use the unstable release if necessary.
So which release are you using right now?
Of course, if a stable release would be available, we would prefer to use that instead. So I guess the proper question would be: can you tell me the ETA for the earliest release which updates the derby driver? :-)
Sometimes in November, unless it becomes clear that the vulnerability indeed affects Jackrabbit operation.
Best regards, Julian
