Security updates for metro?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Security updates for metro?

Mehrtens, Hauke
How are security problems handled in the metro project?

The SOAP web service topic is so complicated, I just assume that there
was a security problem in metro in the last years, but I have never seen
any notification of fixed security issues. Apache CXF had many security
advisories in the last years:

Oracle fixed some security issues in the Orcale Weblogic server in the
WLS - Web Services part, which uses metro internally, see CVE-2014-4254,
CVE-2014-2479, CVE-2014-4201, CVE-2014-4202 and CVE-2014-4210. Do any of
these issues also affect the standalone metro version?

Is there a website or any anything else to inform users about security
problems and their fixes in metro?

Do you just silently fix the problems in the next major or minor metro
release and the community should always assume that you fixed some major