]
Tom Cunningham resolved JBESB-3884.
-----------------------------------
Resolution: Done
Upgraded to jruby 1.7.1
jruby.jar as shipped with JBoss ESB exposes CVE-2012-5370
---------------------------------------------------------
Key: JBESB-3884
URL:
https://issues.jboss.org/browse/JBESB-3884
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 4.11
Reporter: David Jorm
Assignee: Tom Cunningham
Fix For: 4.11 CP2
jruby.jar as shipped with JBoss ESB exposes CVE-2012-5370. We are shipping JRuby 1.6.5.1.
The upstream Ruby language has replaced the vulnerable Murmur hash function / algorithm
implementation with the SipHash-2-4 implementation:
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
An upstream fix is not yet available for JRuby. Once an upstream fix is available, we
should incorporate it into a future release via a component upgrade.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: