Hi Diwakar,
replacing the spring jars in the lib folder (and in the shared) should
be OK.
I will raise a Jira to include it in SMX 3.4.
Regards
JB
On 09/23/2011 10:21 AM, diwakar wrote:
Hi,
We are using servicemix 3.3.2. This version uses Spring framework
2.5.6. Now there is a new version of Spring fremework 2.5.6.SEC03 with the
fix for the security vulnerability.
http://www.springsource.com/security/cve-2011-2730.
The jars are located in:
./apache-servicemix-3.3.2/lib/spring-core-2.5.6.jar
./data/smx/sharedlibs/servicemix-shared/version_1/lib/spring-core-2.5.6.jar
Will servicemix deliver a new version with the fix?
Till then is it fine if we replace the jars manually in our
installations in servicemix-shared and lib folder?
Please let us know your comment.
With Best Regards,
Diwakar
--
View this message in context:
http://servicemix.396122.n5.nabble.com/CVE-2011-2730-Spring-Framework-information-disclosure-tp4832786p4832786.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
