[teiid-issues] [JBoss JIRA] (TEIID-3811) Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath
Steven Hawkins (JIRA)
issues at jboss.org
Thu Nov 19 15:56:00 EST 2015
[ https://issues.jboss.org/browse/TEIID-3811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13131904#comment-13131904 ]
Steven Hawkins commented on TEIID-3811:
---------------------------------------
Thanks Gary, if we need to remove the blacklisting we'll ensure that kits/users know to use the updated version.
> Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath
> -------------------------------------------------------------------------------------------
>
> Key: TEIID-3811
> URL: https://issues.jboss.org/browse/TEIID-3811
> Project: Teiid
> Issue Type: Quality Risk
> Components: Embedded
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Critical
> Fix For: 8.12.2, 8.13
>
>
> This issue is to add at least a documentation note warning against - http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
> While remote JDBC is not enabled by default and common-collections is not in the classpath it is possible that common-collections could be picked up from the environment.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the teiid-issues
mailing list