[SECURITY] Fedora 20 Update: springframework-3.1.4-3.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Fri May 8 07:40:18 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6862
2015-04-26 07:27:39
--------------------------------------------------------------------------------
Name : springframework
Product : Fedora 20
Version : 3.1.4
Release : 3.fc20
URL : http://www.springframework.org
Summary : Spring Java Application Framework
Description :
Spring is a layered Java/J2EE application framework, based on code published in
Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002).
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-0225
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Michal Srb <msrb at redhat.com> - 0:3.1.4-3
- Resolves: CVE-2014-0225
* Fri Dec 6 2013 gil cattaneo <puntogil at libero.it> 0:3.1.4-2
- fix for rhbz: 993376, 953977
- switch to XMvn
- disable derby (partial), and jopt-simple support
- enable castor and jruby support
* Thu Dec 5 2013 Orion Poplawski <orion at cora.nwra.com> - 0:3.1.4-1
- Update to 3.1.4
- Add BR xmlunit
- Change wstx-asl to woodstox-core-asl
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0:3.1.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110110 - CVE-2014-0225 Spring Framework: Information disclosure via SSRF
https://bugzilla.redhat.com/show_bug.cgi?id=1110110
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update springframework' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list