users@glassfish.java.net

Re: CPU-APR-2013 Patch

From: Peter Ondruška <peter.ondruska_at_gmail.com>
Date: Thu, 27 Feb 2014 17:20:02 +0100

OK, but thanks, no. GlassFish 4 does not work on AIX (or even IBM JDK).


On 27 February 2014 15:51, John Clingan <john.clingan_at_oracle.com> wrote:

> There are two options to get the fix:
>
> 1) Purchase an Oracle GlassFish Server license and support
> 2) Upgrade to GlassFish 4
>
> When we fix bugs, they are applied to the commercial sustaining branch
> and to the trunk. The bugs fixed in the trunk are picked up in the next
> release (GlassFish 4 in this case).
>
> Hope this helps.
>
> On Feb 27, 2014, at 6:41 AM, Wilkins, Brian <bwilkins_at_harris.com> wrote:
>
> > What about Open Source/Community Edition members?
> >
> > -----Original Message-----
> > From: John Clingan [mailto:john.clingan_at_oracle.com]
> > Sent: Thursday, February 27, 2014 9:36 AM
> > To: users_at_glassfish.java.net
> > Subject: Re: CPU-APR-2013 Patch
> >
> > Glenn/Brian, these issues were fixed in the April '13 Critical Patch
> > Update, which equates to Oracle GlassFish Server 3.1.2.5. Oracle GlassFish
> > Server customers that have an active support contract can download and
> > install this patch.
> >
> > Hope this helps.
> >
> > On Feb 26, 2014, at 4:44 AM, Wilkins, Brian <bwilkins_at_harris.com> wrote:
> >
> >> Good question. This was in response to Retina reporting a finding.
> >> Maybe it doesn't affect 3.1.2.2.
> >>
> >> -----Original Message-----
> >> From: Glenn Holmer [mailto:gholmer_at_weycogroup.com]
> >> Sent: Tuesday, February 25, 2014 4:40 PM
> >> To: users_at_glassfish.java.net
> >> Subject: Re: CPU-APR-2013 Patch
> >>
> >> On 02/25/2014 11:06 AM, Wilkins, Brian wrote:
> >>> Where can I download the patch to fix the vulnerability in the REST
> >>> and ADMIN interface as detailed in CVE 2013-1508 and CVE 2013-1515
> >>> for GlassFish 3.1.2.2?
> >>
> >> Looking closely at the Oracle CPU:
> >>
> >> http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
> >>
> >> (search on the CVE number), it lists the affected versions as "3.0.1,
> >> 3.1.2". Does this vulnerability exist in 3.1.2.2 as well?
> >>
> >> --
> >> Glenn Holmer
> >> Weyco Group, Inc.
> >> phone: 414-908-1809
> >> fax: 414-908-1601
> >>
> >
>
>


-- 
Peter