You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Mike Curry (JIRA)" <ji...@apache.org> on 2014/01/29 13:00:14 UTC

[jira] [Commented] (SANTUARIO-376) Is it possible to get cve-2013-4517 replicated to the 1.4.x line?

    [ https://issues.apache.org/jira/browse/SANTUARIO-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13885275#comment-13885275 ] 

Mike Curry commented on SANTUARIO-376:
--------------------------------------

Thanks for the prompt response Colm - appreciate that. I understand where you are coming from and that makes sense.

Thanks again,
Mike

> Is it possible to get cve-2013-4517 replicated to the 1.4.x line?
> -----------------------------------------------------------------
>
>                 Key: SANTUARIO-376
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-376
>             Project: Santuario
>          Issue Type: Wish
>          Components: Java
>    Affects Versions: Java 1.4.8
>            Reporter: Mike Curry
>            Assignee: Colm O hEigeartaigh
>
> Hi,
> Would it be possible for the fix for this security advisory: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc to be replicated on to the 1.4.x line of releases?
> Our investigation of patching this by increasing our level of Santuario to 1.5.6, resulted in it becoming necessary for us to update wss4j also, which in turn resulted in some aspects of Axis 1 support being removed for us, which in turn is causing some problems in some older aspects of our software.
> A release of Santuario on the 1.4.x line resolving this security issue on that line would greatly reduce the effort required to patch this defect in the short term.
> Is this possible or viable?
> Thanks,
> Mike



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)