Posted to dev@tomee.apache.org by Thibault TIGEON <th...@gmail.com> on 2015/02/18 14:13:51 UTC

New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Hello everyone,

The version 1.6.0.2 was built with Tomcat 7.0.53.
But there is a security alert on this version:
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
Secunia alert is available here <http://secunia.com/advisories/62768/>.

Do you think it would be possible to have a new version (1.6.0.3) solving
this problem?

Regards,

Thibault



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/New-version-of-security-1-6-0-3-due-to-a-tomcat-CVE-CVE-2014-0227-tp4673783.html
Sent from the TomEE Dev mailing list archive at Nabble.com.

Re: New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Right Thibault,

We are all happy to get that security release out if someone wants to
volunteer.
I'd be very happy to vote it.

That said, I can't volunteer myself as I don't have time currently.

JLouis


--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Mon, Feb 23, 2015 at 9:43 AM, Thibault TIGEON <th...@gmail.com>
wrote:

> Hello Andy,
>
> I suggested that to avoid security vulnerabilities in version 1.6.0.x.
> I saw you did that on this page
> <http://tomee.apache.org/security/tomee.html>.
>
> Regards,
>
> Thibault

Re: New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Posted by Thibault TIGEON <th...@gmail.com>.
Hello Andy,

I suggested that to avoid security vulnerabilities in version 1.6.0.x.
I saw you did that on this page
<http://tomee.apache.org/security/tomee.html>.

Regards,

Thibault 




Re: New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Posted by Andy <an...@gmx.de>.
I'm not sure we should even try? 1.7.x is the path to push for the fix, 
as it has already moved on from that CVE.

That said, how much needs to change in 1.6.0.2 to upgrade to 7.0.59?

Andy.

On 18/02/2015 22:31, Jean-Louis Monteiro wrote:
> Oops sorry. Thought it was finally not published. Apologies.
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
> On Wed, Feb 18, 2015 at 10:28 PM, Romain Manni-Bucau <rm...@gmail.com>
> wrote:
>
>> @JL: 1.6.0.2 did I think (at least it is on central)
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2015-02-18 22:19 GMT+01:00 Jean-Louis Monteiro <jl...@tomitribe.com>:
>>> 1.6.0.2 did not pass the VOTE so it's still time to upgrade the Tomcat
>>> dependencies.
>>>
>>> That said, +1 for the release if someone wants to volunteer.
>>>
>>> Jean-Louis
>>>
>>> --
>>> Jean-Louis Monteiro
>>> http://twitter.com/jlouismonteiro
>>> http://www.tomitribe.com
>>>
>>> On Wed, Feb 18, 2015 at 2:13 PM, Thibault TIGEON <thibault.tigeon@gmail.com>
>>> wrote:
>>>
>>>> Hello everyone,
>>>>
>>>> The version 1.6.0.2 was built with Tomcat 7.0.53.
>>>> But there is a security alert on this version:
>>>> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
>>>> Secunia alert is available here <http://secunia.com/advisories/62768/>.
>>>>
>>>> Do you think it would be possible to have a new version (1.6.0.3) solving
>>>> this problem?
>>>>
>>>> Regards,
>>>>
>>>> Thibault

-- 
   Andy Gumbrecht
   https://twitter.com/AndyGeeDe


Re: New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Oops sorry. Thought it was finally not published. Apologies.

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Wed, Feb 18, 2015 at 10:28 PM, Romain Manni-Bucau <rm...@gmail.com>
wrote:

> @JL: 1.6.0.2 did I think (at least it is on central)
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-18 22:19 GMT+01:00 Jean-Louis Monteiro <jl...@tomitribe.com>:
> > 1.6.0.2 did not pass the VOTE so it's still time to upgrade the Tomcat
> > dependencies.
> >
> > That said, +1 for the release if someone wants to volunteer.
> >
> > Jean-Louis
> >
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
> > On Wed, Feb 18, 2015 at 2:13 PM, Thibault TIGEON <thibault.tigeon@gmail.com>
> > wrote:
> >
> >> Hello everyone,
> >>
> >> The version 1.6.0.2 was built with Tomcat 7.0.53.
> >> But there is a security alert on this version:
> >> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
> >> Secunia alert is available here <http://secunia.com/advisories/62768/>.
> >>
> >> Do you think it would be possible to have a new version (1.6.0.3) solving
> >> this problem?
> >>
> >> Regards,
> >>
> >> Thibault

Re: New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Posted by Romain Manni-Bucau <rm...@gmail.com>.
@JL: 1.6.0.2 did I think (at least it is on central)


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2015-02-18 22:19 GMT+01:00 Jean-Louis Monteiro <jl...@tomitribe.com>:
> 1.6.0.2 did not pass the VOTE so it's still time to upgrade the Tomcat
> dependencies.
>
> That said, +1 for the release if someone wants to volunteer.
>
> Jean-Louis
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
> On Wed, Feb 18, 2015 at 2:13 PM, Thibault TIGEON <th...@gmail.com>
> wrote:
>
>> Hello everyone,
>>
>> The version 1.6.0.2 was built with Tomcat 7.0.53.
>> But there is a security alert on this version:
>> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
>> Secunia alert is available here <http://secunia.com/advisories/62768/>.
>>
>> Do you think it would be possible to have a new version (1.6.0.3) solving
>> this problem?
>>
>> Regards,
>>
>> Thibault

Re: New version of security (1.6.0.3) due to a tomcat CVE (CVE-2014-0227)

Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
1.6.0.2 did not pass the VOTE so it's still time to upgrade the Tomcat
dependencies.

That said, +1 for the release if someone wants to volunteer.

Jean-Louis

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Wed, Feb 18, 2015 at 2:13 PM, Thibault TIGEON <th...@gmail.com>
wrote:

> Hello everyone,
>
> The version 1.6.0.2 was built with Tomcat 7.0.53.
> But there is a security alert on this version:
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
> Secunia alert is available here <http://secunia.com/advisories/62768/>.
>
> Do you think it would be possible to have a new version (1.6.0.3) solving
> this problem?
>
> Regards,
>
> Thibault