3 Replies Latest reply on Apr 8, 2014 10:19 AM by davsclaus

    Jboss Fuse 6.1

    rich.peters
    rich.peters Apr 7, 2014 3:54 PM

      Is there any plan to fix the following vulnerabilities before jboss fuse 61. is released?

       

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2160


      thanks

      Rich


      • 110 Views
      • Tags:
        • 1. Re: Jboss Fuse 6.1
          davsclaus
          davsclaus Apr 8, 2014 5:01 AM (in response to rich.peters)

          JBoss Fuse 6.1 uses Spring 3.2.8 and CXF 2.7.10 - which I think has a fix for those.

          1 of 1 people found this helpful
            • Actions
          • 2. Re: Jboss Fuse 6.1
            rich.peters
            rich.peters Apr 8, 2014 9:35 AM (in response to davsclaus)

            Claus,

             

            thanks for the response,  it wasn't clear to me if those versions were covered.

              • Actions
            • 3. Re: Jboss Fuse 6.1
              davsclaus
              davsclaus Apr 8, 2014 10:19 AM (in response to rich.peters)

              The Red Hat products dont get signed off for release unless the Red Hat security has accepted the release. And they have been outstanding in reporting issues from 3rd party which we must have fixed for fuse 6.1. So they have kept us on our toes to ensure we ship the product as secure as possible.

                • Actions