Minor issue with fix for CVE 2010-1622 [SPR-11098] #15724
Labels
in: core
Issues in core modules (aop, beans, core, context, expression)
status: backported
An issue that has been backported to maintenance branches
type: enhancement
A general enhancement
Milestone
John Melton opened SPR-11098 and commented
There is a minor issue with the fix for CVE 2010-1622 (http://docs.spring.io/spring/docs/2.5.6.SEC03/changelog.txt). I don't have an exploitable vulnerability, but the issue could lead to a security issue. I couldn't find on the site how to specify this was a security issue and didn't want to post it in the open. Please let me know how to post with the visibility restricted.
Affects: 4.0 RC1
Reference URL: https://github.com/spring-projects/spring-framework/blob/master/spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java
Referenced from: commits 62ea627, 7f89522
Backported to: 3.2.6
0 votes, 5 watchers