β

Security issue in Spring Data REST (CVE-2017-8046)

Spring 17 阅读

Last fall, a security vulnerability affecting Spring Data REST was discovered. We patched the affected modules and published a CVE . We’ve seen some recent news about this that’s led to confusion. Here’s the scoop:

tl;dr:

The reality

We saw some stories that got a few details wrong. Let’s clear things up:

Recommendations

We generally recommend to upgrade to new bugfix releases of individual Spring modules as soon as possible. The team also takes great care to coordinate releases so that a Spring Boot release bundling the latest bug- and security fixes is published very close to the releases of the ecosystem projects.

For security relevant upgrades, please make sure you monitor our published CVE list to find out about releases shipping security fixes immediately.

作者:Spring
原文地址:Security issue in Spring Data REST (CVE-2017-8046), 感谢原作者分享。

发表评论