CVE-2012-5920 git commit

[XD chen]

Hi, 

I am trying to patch GWT 2.4.0 version for CVE-2012-5920. But I could not locate the commit from the github. Does anyone know the commit id for the  CVE-2012-5920. 

The release note states that I need to upgrade to 2.5GA. How do we know CVE-2012-5920 fix is included?

Thanks

  Release Notes for 2.5.0

This release includes some minor bug fixes found in the release candidate. See What’s New in GWT 2.5 plus the release notes for 2.5.0 (RC1) and 2.5.0 (RC2) for the full list of features and bugs fixes included in the GWT 2.5.0 release.

Security vulnerability from 2.4 to 2.5 Final

The GWT team recently learned that the Security vulnerability discovered in the 2.4 Beta and Release Candidate releases was only partially fixed in the 2.4 GA release. A more complete fix was added to the 2.5 GA release. If you have an app that’s been built with GWT 2.4 or one of the 2.5 RCs, then you’ll need to get the latest 2.5 release, recompile your app, and redeploy.