To be clear, here's the list of Geronimo modules used by ServiceMix:
* ServiceMix Components
Geronimo TxManager
Geronimo Specs Activation
Geronimo Specs J2EE Connector
Geronimo Specs J2EE Management
Geronimo Specs JavaMail
Geronimo Specs JMS
Geronimo Specs JTA
Geronimo Specs SAAJ
Geronimo Specs Servlet
Geronimo Specs STAX API
Geronimo Specs WS Metadata
* ServiceMix Utils
Geronimo Specs J2EE Connector
* ServiceMix NMR
Geronimo Specs JMS
Geronimo Specs JTA
Geronimo Specs Servlet
* ServiceMix Features
Geronimo TxManager
Geronimo Specs Activation
Geronimo Specs J2EE Connector
Geronimo Specs J2EE Management
Geronimo Specs JavaMail
Geronimo Specs JMS
Geronimo Specs JTA
Geronimo Specs SAAJ
Geronimo Specs Servlet
Geronimo Specs STAX API
Geronimo Specs WS Metadata
I don't think it's a security vulnerability, it's just Specs/API.
Regards
JB
On 01/31/2012 02:21 PM, diwakar wrote:
Hi,
>> ServiceMix embeds some Specs provided by Geronimo
If it is only specs, can we ignore this particular security
vulnerability from Servicemix pov.
With Best Regards,
Diwakar
--
View this message in context:
http://servicemix.396122.n5.nabble.com/Servicemix-3-x-Geronimo-Dependency-CVE-2011-5034-tp5443711p5444514.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
