Hi all,

while I was working on libjackson-json-java and Co., I saw that libspring-java is currently affected by a potential security vulnerability, an XML External Entity (XXE) Injection in the Spring Framework. The security advisory recommends that all users of version 3.x should upgrade to 3.2.4 or later, which affects us.

http://www.gopivotal.com/security/cve-2013-4152

I think I could package a new revision for stable and unstable that only contains the proposed fix from upstream, which looks acceptable for a stable security release.

https://github.com/poutsma/spring-framework/commit/2843b7d2ee12e3f9c458f6f816befd21b402e3b9

What do other team members and the uploaders of affected r-deps of libspring-java think about this issue?

Regards,

Markus