You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by Ricardo Iramar dos Santos <ri...@gmail.com> on 2014/09/29 21:59:31 UTC

Shellshock (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277)

Hi All,

Probably you've already heard about Shellshock
(https://shellshocker.net) in the last few days and I didn't find any
discussion about it here.
Some of the projects that I work for are using jackrabbit 2.8 and I'd
like to know from jackrabbit developers if we should concerning about
shellshock.
I don't think that it could have any impact but I decided just open
the discussion here so maybe any expert could give some tip.

Thanks
Ricardo

Re: Shellshock (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277)

Posted by Alexander Klimetschek <ak...@adobe.com>.

Jackrabbit itself doesn't use cgi or bash scripts.

Cheers,
Alex

On 29.09.2014, at 12:59, Ricardo Iramar dos Santos <ri...@gmail.com> wrote:

> Hi All,
> 
> Probably you've already heard about Shellshock
> (https://shellshocker.net) in the last few days and I didn't find any
> discussion about it here.
> Some of the projects that I work for are using jackrabbit 2.8 and I'd
> like to know from jackrabbit developers if we should concerning about
> shellshock.
> I don't think that it could have any impact but I decided just open
> the discussion here so maybe any expert could give some tip.
> 
> Thanks
> Ricardo