Today when I wanted to add spring-context-support, I noticed that there is a newer version in the Maven 2 repository. The version is a bit unusual: "2.5.6.SEC01". I googled a bit and then found the announcement made by SpringSource in the security advisory section.
http://www.springsource.com/securityadvisory
According to SpringSource, this ad-hoc release is due to a bug in JDK 5 (not in the Spring Framework itself) that causes the compilation of certain java.util.regex.Pattern instances to take an unusually long time. This is a potential problem, as it could be used for a Denial of Service (DoS) attack.