You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@flex.apache.org by ehawkins <se...@vmware.com> on 2016/02/01 22:01:48 UTC
Security Alerts
Hi All,
Is there a specific mailing list for security related issues in Blaze DS or
do I just need to parse the issues-subscribe@flex.apache.org list?
--
View this message in context: http://apache-flex-users.2333346.n4.nabble.com/Security-Alerts-tp11876.html
Sent from the Apache Flex Users mailing list archive at Nabble.com.
Re: Security Alerts
Posted by Alex Harui <ah...@adobe.com>.
On 2/1/16, 4:45 PM, "ehawkins" <se...@vmware.com> wrote:
>Our organization uses blazeDS and I need to make them aware of any
>vulnerabilities that crop up asap. The question was really if blazeDS
>sends
>out a specific security digest or alert upon resolution of such issues? If
>not will they just be in the release notes?
I saw a mention that you can try to get alerts from a page like this:
http://www.cvedetails.com/product-list/product_type-/vendor_id-0/firstchar-
B/page-14/products.html?sha=24e5fe0d9149b05106dcf10ba5188bad76301f8b&trc=11
64&order=1
I haven't tried it myself.
HTH,
-Alex
AW: Security Alerts
Posted by Christofer Dutz <ch...@c-ware.de>.
Hi,
Well as I did the last few CVE fixes for BlazeDS we usually posted a security advisory after the release.
The reason is that we have to vote on the release including the release notes, but we don't want to leak the CVE before having a released version out in the wild. The time between Release Notification and CVE did vary a little as sometimes we were asked to hold the Security advisory back for a few days. But I did have to post the CVE mail to several addresses: security@apache.org, oss-security@lists.openwall.com and bugtraq@securityfocus.com
Maybe subscribing to any of these lists/services should do the trick.
Chris
________________________________________
Von: ehawkins <se...@vmware.com>
Gesendet: Dienstag, 2. Februar 2016 01:45
An: users@flex.apache.org
Betreff: Re: Security Alerts
Our organization uses blazeDS and I need to make them aware of any
vulnerabilities that crop up asap. The question was really if blazeDS sends
out a specific security digest or alert upon resolution of such issues? If
not will they just be in the release notes?
--
View this message in context: http://apache-flex-users.2333346.n4.nabble.com/Security-Alerts-tp11876p11878.html
Sent from the Apache Flex Users mailing list archive at Nabble.com.
Re: Security Alerts
Posted by ehawkins <se...@vmware.com>.
Our organization uses blazeDS and I need to make them aware of any
vulnerabilities that crop up asap. The question was really if blazeDS sends
out a specific security digest or alert upon resolution of such issues? If
not will they just be in the release notes?
--
View this message in context: http://apache-flex-users.2333346.n4.nabble.com/Security-Alerts-tp11876p11878.html
Sent from the Apache Flex Users mailing list archive at Nabble.com.
Re: Security Alerts
Posted by Alex Harui <ah...@adobe.com>.
On 2/1/16, 1:01 PM, "ehawkins" <se...@vmware.com> wrote:
>Hi All,
>
>Is there a specific mailing list for security related issues in Blaze DS
>or
>do I just need to parse the issues-subscribe@flex.apache.org list?
>
Are you looking for a list or discussion or are you reporting a new issue?
I think you can just google "CVE BlazeDS" and get a list of known issues.
Discussion often happens in private before the CVE is announced so there
may not be a lot more information than what is in the CVEs. Please report
new issues to security@apache.org.
HTH,
-Alex