You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Tomasz Zakrzewski <tz...@gmail.com> on 2014/08/07 08:16:12 UTC

CXF and version of Spring

Hi



Recently released version of CXF (2.6.15) depends on Spring 3.0.7.RELEASE.

Spring 3.0.7.RELEASE is affected by following vulnerabilities:
CVE-2014-0225, CVE-2014-1904.



Is also CXF affected? Or CXF uses Spring in the way, that is not affected?


br

Tom