* May be http://tapestry.apache.org/integrating-with-spring-framework.html
(2.5.6 ==> 2.5.6.SEC02)
> http://www.springsource.com/security/cve-2010-1622
http://en.securitylab.ru/nvd/395057.php

A secchecker plugin for gradle/maven could be created around a CVE check
list:

org.apache.wicket:wicket Wicket 1.4.x - CVE-2011-2712 - Apache Wicket XSS vulnerability
http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html
bouncycastle Bouncy Castle Java Cryptography API 2.5.2 CVE-2007-6721
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6721
org.springframework Spring Framework 3.0.0->3.0.2 2.5.0->2.5.6.SEC01 (community releases) 2.5.0->2.5.7 (subscription customers) CVE-2010-1622
http://www.springsource.com/security/cve-2010-1622
http://en.securitylab.ru/nvd/395057.php
org.apache.cxf CXF +2.4.5,+2.5.1 CVE-2012-0803
http://osdir.com/ml/users-cxf-apache/2012-02/msg00175.html
http://marc.info/?l=bugtraq&m=130583021727954
org.apache.derby Derby database +10.6.0 CVE-2009-4269
http://db.apache.org/derby/releases/release-10.6.1.0.html#Fix+for+Security+Bug+CVE-2009-4269
com.google.gwt 1.6.4-1 CVE-2007-2378 CVE-2007-6542
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563542
commons-daemon 1.0.3->1.0.6 CVE-2011-2729
http://mail-archives.apache.org/mod_mbox/www-announce/201108.mbox/%3c4e451c01.6000...@apache.org%3E
geronimo/org.apache.geronimo 2.2.0
http://geronimo.apache.org/2010/12/11/apache-geronimo-v221-released.html
http://mail-archives.apache.org/mod_mbox/servicemix-users/201201.mbox/%3CCAJUL34NnCnQ4LSDN-9NWfia+2C0pSXaMajY51-=yges46ds...@mail.gmail.com%3E
...
tomcat https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/843701
myfaces http://www.spinics.net/lists/bugtraq/msg46538.html
archiva
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html
jonas +4.10.9 CVE-2009-3555
http://mail-archive.ow2.org/jonas/2010-11/msg00015.html
mojarra CVE-2011-4358
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650430
opensaml CVE-2011-1411
http://shibboleth.1660669.n2.nabble.com/CVE-2011-1411-OpenSAML-library-vulnerable-to-XML-Signature-wrapping-attacks-td6618773.html
jetty 6.1->6.1.21 CVE-2009-4612
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4612
jetty (6.1.24) CVE-2011-4461
https://bugzilla.redhat.com/show_bug.cgi?id=781677

CVE-2011-0533: Apache Continuum cross
===
hadoop CVE-2010-0405 https://issues.apache.org/jira/browse/HADOOP-6966

--
View this message in context: 
http://tapestry.1045711.n5.nabble.com/Sonotype-Security-Brief-tp5606474p5611057.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
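
The check-list idea from the message above, as an added example (not part of the original post and not an existing Gradle or Maven plugin). It assumes that "a->b" in the list means an inclusive affected range; `ADVISORIES`, `version_key`, `check` and the sample dependency list are hypothetical names and constructed data.

```python
import re

# Ranges transcribed from the list in the message; reading "a->b" as an
# inclusive affected range is this example's assumption.
ADVISORIES = [
    ("org.springframework", "3.0.0", "3.0.2", "CVE-2010-1622"),
    ("org.springframework", "2.5.0", "2.5.6.SEC01", "CVE-2010-1622"),
    ("commons-daemon", "1.0.3", "1.0.6", "CVE-2011-2729"),
]

def version_key(version, width=4):
    """Sortable key: padded numeric parts, then the SECnn rank (0 if absent).

    Gives 2.5.6 < 2.5.6.SEC01 < 2.5.6.SEC02 < 2.5.7, which a plain string
    comparison or a numeric-only parser would not.
    """
    nums, sec = [], 0
    for part in re.split(r"[.\-]", version):
        m = re.fullmatch(r"SEC(\d+)", part, re.IGNORECASE)
        if m:
            sec = int(m.group(1))
        elif part.isdigit():
            nums.append(int(part))
        else:
            raise ValueError(f"unsupported part {part!r} in {version!r}")
    nums += [0] * (width - len(nums))
    return tuple(nums) + (sec,)

def check(dependencies):
    """Return sorted (coordinate, version, cve) for each affected dependency."""
    findings = set()
    for coord, version in dependencies:
        group = coord.split(":")[0]
        key = version_key(version)
        for adv_group, low, high, cve in ADVISORIES:
            if group == adv_group or group.startswith(adv_group + "."):
                if version_key(low) <= key <= version_key(high):
                    findings.add((coord, version, cve))
    return sorted(findings)

# Constructed dependency list: (group:artifact, version).
SAMPLE = [
    ("org.springframework:spring-beans", "2.5.6"),
    ("org.springframework:spring-beans", "2.5.6.SEC02"),
    ("org.springframework:spring-core", "3.0.2"),
    ("commons-daemon:commons-daemon", "1.0.7"),
]

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(*finding)
```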
