[hibernate-issues] [JIRA] (HV-1498) Privilege escalation when running under the security manager
Guillaume Smet (JIRA)
jira at hibernate.atlassian.net
Tue Aug 11 06:17:42 EDT 2020
Guillaume Smet ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A71e31052-f0d7-46e3-a9d7-8b9acd6998d8 ) *commented* on HV-1498 ( https://hibernate.atlassian.net/browse/HV-1498?atlOrigin=eyJpIjoiMmViZTE4NjNiYjQ4NDU3ZWI4ZGRhMzExODQ4MzdlYjIiLCJwIjoiaiJ9 )
Re: Privilege escalation when running under the security manager ( https://hibernate.atlassian.net/browse/HV-1498?atlOrigin=eyJpIjoiMmViZTE4NjNiYjQ4NDU3ZWI4ZGRhMzExODQ4MzdlYjIiLCJwIjoiaiJ9 )
It basically says that it has been backported to the 5.2 branch but we haven't done any 5.2 community release.
So all versions of community 5.2 are still vulnerable.
I would advise upgrading to a more recent version if you're worried about this flaw.
( https://hibernate.atlassian.net/browse/HV-1498#add-comment?atlOrigin=eyJpIjoiMmViZTE4NjNiYjQ4NDU3ZWI4ZGRhMzExODQ4MzdlYjIiLCJwIjoiaiJ9 ) Add Comment ( https://hibernate.atlassian.net/browse/HV-1498#add-comment?atlOrigin=eyJpIjoiMmViZTE4NjNiYjQ4NDU3ZWI4ZGRhMzExODQ4MzdlYjIiLCJwIjoiaiJ9 )
Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100142- sha1:98e8dd4 )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/hibernate-issues/attachments/20200811/2930dbfe/attachment.html
More information about the hibernate-issues
mailing list