Posted to announce@apache.org by "Vishwas Babu (Apache)" <vi...@apache.org> on 2019/10/16 06:25:57 UTC
[CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0
Hello,
The Apache Fineract project would like to hereby disclose that our 1.3.0
release includes a fix for CVE-2016-4977: A known vulnerability in Spring
Security upstream dependencies allowed malicious users to trigger remote code
execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of
the upstream CVE.
We would like to thank Roberto (extranewbugs@gmail.com) for reporting
this issue and the Apache Security team for their assistance.
Additional details at
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report.
Regards,
Vishwas
Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0
Posted by Vishwas Babu A J <vi...@apache.org>.
> Apparently your announcement was not accepted to the announce@apache.org
> list
It was, see http://mail-archives.us.apache.org/mod_mbox/www-announce/201910.mbox/%3CCACqpLwJGBRp9cpyhVwxvc0SSrTbUoDxAr%2BYnywXjj%3DBRFhiyPw%40mail.gmail.com%3E
On 2019/10/16 08:19:54, Myrle Krantz <my...@apache.org> wrote:
> Hey Vishwas,
>
> Apparently your announcement was not accepted to the announce@apache.org
> list. If you've received an explanation for why, I'd be curious to know
> what it is. I assume you are working on formulating a mail that is
> accepted?
>
> If you need help with anything, let me know.
>
> Also if you want examples of successful announcements, you can use:
> https://lists.apache.org/list.html?announce@apache.org Go to advanced
> search and look for mails with CVE in the subject line.
>
> Best Regards,
> Myrle
>
>
> On Wed, Oct 16, 2019 at 8:26 AM Vishwas Babu (Apache) <
> vishwasbabu@apache.org> wrote:
>
> > Hello,
> >
> > The Apache Fineract project would like to hereby disclose that our 1.3.0
> > release includes a fix for CVE-2016-4977: A known vulnerability in Spring
> > Security upstream dependencies allowed malicious users to trigger remote code
> > execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of
> > the upstream CVE.
> >
> > We would like to thank Roberto (extranewbugs@gmail.com) for reporting
> > this issue and the Apache Security team for their assistance.
> >
> > Additional details at https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report.
> >
> > Regards,
> > Vishwas
Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0
Posted by Myrle Krantz <my...@apache.org>.
Hey Vishwas,
Apparently your announcement was not accepted to the announce@apache.org
list. If you've received an explanation for why, I'd be curious to know
what it is. I assume you are working on formulating a mail that is
accepted?
If you need help with anything, let me know.
Also if you want examples of successful announcements, you can use:
https://lists.apache.org/list.html?announce@apache.org Go to advanced
search and look for mails with CVE in the subject line.
Best Regards,
Myrle
On Wed, Oct 16, 2019 at 8:26 AM Vishwas Babu (Apache) <
vishwasbabu@apache.org> wrote:
> Hello,
>
> The Apache Fineract project would like to hereby disclose that our 1.3.0
> release includes a fix for CVE-2016-4977: A known vulnerability in Spring
> Security upstream dependencies allowed malicious users to trigger remote code
> execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of
> the upstream CVE.
>
> We would like to thank Roberto (extranewbugs@gmail.com) for reporting
> this issue and the Apache Security team for their assistance.
>
> Additional details at https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report.
>
> Regards,
> Vishwas