]
Steven Hawkins commented on TEIID-3811:
---------------------------------------
Thanks Gary, if we need to remove the blacklisting we'll ensure that kits/users know
to use the updated version.
Teiid Embedded with remote JDBC susceptible to exploit with
common-collections in classpath
-------------------------------------------------------------------------------------------
Key: TEIID-3811
URL:
https://issues.jboss.org/browse/TEIID-3811
Project: Teiid
Issue Type: Quality Risk
Components: Embedded
Reporter: Steven Hawkins
Assignee: Steven Hawkins
Priority: Critical
Fix For: 8.12.2, 8.13
This issue is to add at least a documentation note warning against -
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-j...
While remote JDBC is not enabled by default and common-collections is not in the
classpath it is possible that common-collections could be picked up from the environment.