[teiid-issues] [JBoss JIRA] (TEIID-3811) Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath
Gary Gregory (JIRA)
issues at jboss.org
Fri Nov 13 14:57:00 EST 2015
[ https://issues.jboss.org/browse/TEIID-3811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13128948#comment-13128948 ]
Gary Gregory commented on TEIID-3811:
-------------------------------------
Note that we (Apache Commons) are in the middle of cutting a 3.2.2 version to address this security vulnerability.
> Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath
> -------------------------------------------------------------------------------------------
>
> Key: TEIID-3811
> URL: https://issues.jboss.org/browse/TEIID-3811
> Project: Teiid
> Issue Type: Quality Risk
> Components: Embedded
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Critical
> Fix For: 8.12.2, 8.13
>
>
> This issue is to add at least a documentation note warning against - http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
> While remote JDBC is not enabled by default and common-collections is not in the classpath it is possible that common-collections could be picked up from the environment.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the teiid-issues
mailing list