1 Reply Latest reply on Nov 8, 2013 11:44 AM by wdfink

    Question about Security Issues(RHSA-2013-0833)

    jbossloginny

      I'm facing a security issue with Enterprise Application Platform (EAP).

      RHSA-2013-0833 indicates that EAP v6.1.0 fixes multiple security issues, such as the CVEs below.

      CVE-2012-4529

      CVE-2012-4572

      CVE-2012-5575

      CVE-2013-0166

      CVE-2013-0169

      CVE-2013-0218

      On the other hand, I'm now using EAP v6.1.0alfa.

      I know EAP v6.1.0alfa is an alpha version of EAP v6.1.0,

      but I want to use EAP v6.1.0alfa from now on, too.

      But I don't know whether EAP v6.1.0alfa fixes the above CVEs.

       

      Does someone know which of the above CVEs are fixed in EAP v6.1.0alfa?

      or

      Does someone have the Release Notes of EAP v6.1.0alfa?

      or

      Does someone have some information which indicates the differences between EAP v6.1.0alfa and EAP v6.1.0 regarding security issues?

        • 1. Re: Question about Security Issues(RHSA-2013-0833)
          wdfink

          The 6.1.0.Alpha is a previous version of EAP 6.1.0.Final. It is not ensured that the fixes can be applied to it! You will run into dangerous issues because the binaries are different for some modules. The Final includes bugfixes, module upgrades and enhancements which are detected during the Alpha/Beta phases.

           

          The difference is that the Alpha bits are free for use; the Final is only available as a 0$ development subscription, or you need to have a subscription to run in UAT or production. See the former discussion in this EAP forum.

           

          The Alpha bits are handled (mostly) similarly to any community version; there are no bugfixes or security updates. You need to use the current community version or you might fix it yourself.