Hi Diwakar,
it's not so easy ;)
Spring is used by others frameworks embedded in ServiceMix, like Camel
and CXF.
To upgrade to Spring 3.0.6, we have to use (and align) a Camel and CXF
version supporting this version of Spring.
If it's not possible in ServiceMix 3.4, we will release a ServiceMix
3.4.1 (just a dependency upgrade release) with this Spring version.
Regards
JB
On 09/23/2011 07:47 PM, diwakar wrote:
Hi,
Please note that the fix is in 3.0.6 onwards for 3.x version of
Spring.
http://www.springsource.com/security/cve-2011-2730 has:
"available in:
3.0.6 onwards
2.5.6.SEC03 onwards (community releases)
2.5.7.SR02 (subscription customers)"
So please ugrade to 3.0.6 in SMX 3.4 (and not 3.0.5).
With Best Regards,
Diwakar
--
View this message in context:
http://servicemix.396122.n5.nabble.com/CVE-2011-2730-Spring-Framework-information-disclosure-tp4832786p4834501.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
