You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Seumas Soltysik <SS...@progress.com> on 2010/08/19 20:20:58 UTC
Jira for security advisory
Is there any jira for the security advisory decribed here: http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
I am looking for the patch that was applied to fix this issue.
I have a branch of the 2.1.x line that does not contain the security fix and I am looking to patch this branch.
Regards,
Seumas
Re: Jira for security advisory
Posted by Daniel Kulp <dk...@apache.org>.
On Thursday 19 August 2010 2:20:58 pm Seumas Soltysik wrote:
> Is there any jira for the security advisory decribed here:
> http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf I am
> looking for the patch that was applied to fix this issue.
>
> I have a branch of the 2.1.x line that does not contain the security fix
> and I am looking to patch this branch.
We didn't open a JIRA as it was fixed long before we could make it public.
Filing a JIRA would have made it public before we were ready.
In anycase, the commit was:
r948131 | dkulp | 2010-05-25 13:52:01 -0400 (Tue, 25 May 2010) | 1 line
Turn off DTD and Entity expansion stuff in the XMLStreamReaders
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog