1 Reply Latest reply on Nov 8, 2013 11:44 AM by Wolf-Dieter Fink

    Question about Security Issues(RHSA-2013-0833)

    尚人 山口 Newbie

      I`m facing security issue of Enterprise Application Platform (EAP).

      RHSA-2013-0833 indicates that EAP v6.1.0 fixes multiple security issues like below CVEs.

      CVE-2012-4529

      CVE-2012-4572

      CVE-2012-5575

      CVE-2013-0166

      CVE-2013-0169

      CVE-2013-0218

      In other hand, I'm now using EAP v6.1.0alfa.

      I know EAP v6.1.0alfa is alfa version of EAP v6.1.0,

      but I want use EAP v6.1.0alfa from now on, too.

      But I don't know EAP v6.1.0alfa fixes above CVEs.

       

      Does someone know which above CVEs are fixed in EAP v6.1.0alfa?

      or

      Does someone have Release Note of EAP v6.1.0alfa?

      or

      Does someone have some information which indicates differ between EAP v6.1.0alfa EAP v6.1.0 about security issues?

        • 1. Re: Question about Security Issues(RHSA-2013-0833)
          Wolf-Dieter Fink Master

          The 6.1.0.Alpha is a previous version of EAP6.1.0.Final. It is not ensured that the fixes can be applied to it! You will run into dangerous issues because the binaries are different for some modules. The final include bugfixes, module upgrades and enhancement which are detected during the Alpha/Beta phases.

           

          The difference is that the Alpha bits are free for use, the Final is only available as a 0$ development subscription or you need to have a subscription to run in UAT or production. See former discussion in this EAP forum.

           

          The Alpha bits are handled (mostly) similar to any community version, there are no bugfixes or security updates. You need to use the current community version or you might fix it yourself.