[HSTTWO-2747] Upgrade Spring dependency to 3.2.5.RELEASE - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: 2.26.08
Fix Version/s: 2.28.00-alpha-1, 2.28.00
Component/s: None
Labels:
- 7.9-tp

Sprint:
Sprint 69

Description

A vulnerability was found in the Spring framework: http://seclists.org/fulldisclosure/2013/Nov/31

This has no direct impact on our stack since both affected modules (Spring MVC and OXM) are not used/packaged by vanilla HST2, but as the impact of upgrading to the latest v3.2.4 of Spring is probably minimal we would like implementations of the HST to use these modules with the latest, secure release of Spring.

More info:

http://www.gopivotal.com/security/cve-2013-4152
https://jira.springsource.org/browse/SPR-10806

Attachments

Activity

People

Assignee:: Junaidh Kadhar Sheriff

Reporter:: Arthur Bogaart

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Nov/13 1:36 PM

Updated:: 24/Dec/13 3:29 PM

Resolved:: 24/Dec/13 3:29 PM