You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cxf.apache.org by Seumas Soltysik <SS...@progress.com> on 2010/08/19 20:20:58 UTC

Jira for security advisory

Is there any jira for the security advisory decribed here: http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf 
I am looking for the patch that was applied to fix this issue.

I have a branch of the 2.1.x line that does not contain the security fix and I am looking to patch this branch.

Regards,
Seumas

Re: Jira for security advisory

Posted by Daniel Kulp <dk...@apache.org>.

On Thursday 19 August 2010 2:20:58 pm Seumas Soltysik wrote:
> Is there any jira for the security advisory decribed here:
> http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf I am
> looking for the patch that was applied to fix this issue.
> 
> I have a branch of the 2.1.x line that does not contain the security fix
> and I am looking to patch this branch.

We didn't open a JIRA as it was fixed long before we could make it public.   
Filing a JIRA would have made it public before we were ready.

In anycase, the commit was:


r948131 | dkulp | 2010-05-25 13:52:01 -0400 (Tue, 25 May 2010) | 1 line

Turn off DTD and Entity expansion stuff in the XMLStreamReaders




-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog