[teiid-issues] [JBoss JIRA] (TEIID-3811) Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath

Steven Hawkins (JIRA) issues at jboss.org
Mon Nov 9 17:56:00 EST 2015


     [ https://issues.jboss.org/browse/TEIID-3811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steven Hawkins resolved TEIID-3811.
-----------------------------------
    Fix Version/s: 8.12.2
                   8.13
       Resolution: Done


Explicitly disallowed the class resolution of offending classes.  Will post a note in the embedded guide about having offending libraries in the class path.

> Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath
> -------------------------------------------------------------------------------------------
>
>                 Key: TEIID-3811
>                 URL: https://issues.jboss.org/browse/TEIID-3811
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Embedded
>            Reporter: Steven Hawkins
>            Assignee: Steven Hawkins
>            Priority: Critical
>             Fix For: 8.12.2, 8.13
>
>
> This issue is to add at least a documentation note warning against - http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
> While remote JDBC is not enabled by default and common-collections is not in the classpath, it is possible that common-collections could be picked up from the environment.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
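
The resolution above describes rejecting offending classes at class-resolution time. The following is an added illustration of that technique in Java, not Teiid's code and not part of the original message; the class name `FilteringObjectInputStream`, the contents of the deny list, and the `Offending` stand-in class are assumptions made for the example.

```java
import java.io.*;
import java.util.*;

public class FilteringObjectInputStream extends ObjectInputStream {
    // Assumed deny list; the message does not say which classes Teiid rejects.
    private final List<String> deniedPrefixes;

    public FilteringObjectInputStream(InputStream in, List<String> deniedPrefixes) throws IOException {
        super(in);
        this.deniedPrefixes = deniedPrefixes;
    }

    // Called for every class descriptor in the stream, before any instance of it is created.
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        for (String prefix : deniedPrefixes) {
            if (desc.getName().startsWith(prefix)) {
                throw new InvalidClassException(desc.getName(), "class resolution disallowed");
            }
        }
        return super.resolveClass(desc);
    }

    // Constructed stand-in for a library class that must never be deserialized.
    static class Offending implements Serializable { private static final long serialVersionUID = 1L; }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Object read(byte[] data, List<String> deny) throws Exception {
        try (ObjectInputStream in = new FilteringObjectInputStream(new ByteArrayInputStream(data), deny)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> deny = Arrays.asList("org.apache.commons.collections.functors.", Offending.class.getName());
        System.out.println("allowed: " + read(serialize(new ArrayList<>(Arrays.asList("a", "b"))), deny));
        try {
            // The denied class is nested inside a permitted container to show the whole graph is checked.
            read(serialize(new ArrayList<Object>(Arrays.asList(new Offending()))), deny);
            System.out.println("not rejected");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A deny list only covers classes that have already been identified as dangerous, so keeping such libraries off the class path, or permitting only the classes the protocol expects, narrows exposure further.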

