Posted to java-dev@axis.apache.org by "robert lazarski (JIRA)" <ji...@apache.org> on 2018/06/01 13:30:00 UTC

[jira] [Commented] (AXIS2-5917) Vulnerabilities found in Axis2 with the use of Geronimo

    [ https://issues.apache.org/jira/browse/AXIS2-5917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16497984#comment-16497984 ] 

robert lazarski commented on AXIS2-5917:
----------------------------------------

There was a Geronimo Application Server project; however, development stopped years ago. Keep that in mind when looking at Geronimo CVEs.

Separately, Geronimo continues to provide implementations of Java specs and Axis2 distributes the following jars. I see no related issues on these in the link provided.

./axis2-1.7.8/lib/geronimo-ws-metadata_2.0_spec-1.1.2.jar
./axis2-1.7.8/lib/geronimo-jta_1.1_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-stax-api_1.0_spec-1.0.1.jar
./axis2-1.7.8/lib/endorsed/geronimo-jaxws_2.2_spec-1.0.jar
./axis2-1.7.8/lib/endorsed/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-annotation_1.0_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-jaxws_2.2_spec-1.0.jar

 

 

> Vulnerabilities found in Axis2 with the use of Geronimo
> -------------------------------------------------------
>
>                 Key: AXIS2-5917
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5917
>             Project: Axis2
>          Issue Type: Bug
>            Reporter: David Moriconi
>            Priority: Major
>
> Axis2 uses a version of the Geronimo library that contains multiple vulnerabilities (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=geronimo).
> There is a latest version of Geronimo that addresses some of these vulnerabilities, which is not included in the latest version of Axis2 (1.7.8).
> Can you please advise us about this? Are the vulnerabilities exposed in Axis2? If so, how can we address them?
> Thank you



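An added example, not part of the original message or of the Axis2 project: a small triage helper that separates Geronimo spec API jars from any other jar that merely matches the keyword "geronimo", using the jar paths listed in the comment above. The filename pattern `geronimo-<api>_<spec version>_spec-<release>.jar` is an assumption inferred from those names, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Jar paths copied from the comment above.
JARS = """\
./axis2-1.7.8/lib/geronimo-ws-metadata_2.0_spec-1.1.2.jar
./axis2-1.7.8/lib/geronimo-jta_1.1_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-stax-api_1.0_spec-1.0.1.jar
./axis2-1.7.8/lib/endorsed/geronimo-jaxws_2.2_spec-1.0.jar
./axis2-1.7.8/lib/endorsed/geronimo-saaj_1.3_spec-1.0.1.jar
./axis2-1.7.8/lib/geronimo-annotation_1.0_spec-1.1.jar
./axis2-1.7.8/lib/geronimo-jaxws_2.2_spec-1.0.jar
""".split()

# Assumed naming pattern: geronimo-<api>_<spec version>_spec-<release>.jar
SPEC_JAR = re.compile(
    r"^geronimo-(?P<api>[a-z-]+)_(?P<spec>[\d.]+)_spec-(?P<release>[\d.]+)\.jar$"
)

def classify(paths):
    """Split jar paths into spec API jars and other geronimo-named jars."""
    specs = defaultdict(list)  # (api, spec version, release) -> directories
    other = []                 # keyword matches that are not spec jars
    for path in paths:
        directory, _, name = path.rpartition("/")
        m = SPEC_JAR.match(name)
        if m:
            specs[(m["api"], m["spec"], m["release"])].append(directory)
        elif "geronimo" in name.lower():
            other.append(path)
    return dict(specs), other

def report(paths):
    """One line per distinct spec jar, plus a REVIEW line per other match."""
    specs, other = classify(paths)
    lines = [
        f"spec-api  {api} {spec} (release {release}) in {len(dirs)} location(s)"
        for (api, spec, release), dirs in sorted(specs.items())
    ]
    lines += [f"REVIEW    {path}" for path in other]
    return lines

if __name__ == "__main__":
    print("\n".join(report(JARS)))
```

Jars reported as `REVIEW` are the ones to check against the application server CVE list; the classification says nothing by itself about whether a given jar is affected.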