Le 8/12/2016 à 11:49, Mark Thomas a écrit :
> Added.
Thank you Mark.
> The commits on the security pages are meant to be just those required to
> fix the vulnerability.
>
> Back-porters may need additional commits for various reasons:
> a) prior commits that aligned the code with later version
On 08/12/2016 00:37, Emmanuel Bourg wrote:
> Hi,
>
> The security pages are missing another commit, this time for
> CVE-2016-6797. The newly added validateGlobalResourceAccess method in
> ResourceLinkFactory was later modified to iterate over the classloader
> hierarchy. Without this modification
Hi,
The security pages are missing another commit, this time for
CVE-2016-6797. The newly added validateGlobalResourceAccess method in
ResourceLinkFactory was later modified to iterate over the classloader
hierarchy. Without this modification some applications are no longer
able to access their da
