We don’t provide instructions on how to apply patches because we
don’t really release patches. We just ship a new version of the
framework.
In the 11+ years of Grails there haven’t been many security related
issues we had to address in the core framework with a release. The
first one I remember was related to data binding and was kind of
arguable if it was really a security vulnerability or if the framework
just made it too easy for developers to do the wrong thing but we
addressed the issue and I wrote about it at
https://spring.io/blog/2012/03/28/secure-data-binding-with-grails/.
Very recently there was a potential issue that turned out to not have
actually been an issue and information about that is at
https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability.
If you have any specific questions about a security related concern,
please reach out and let us know.
Thanks!
JSB
--
Jeff Scott Brown
Partner and Practice Lead, Grails and Micronaut
Disruptive solutions for a connected world.™
http://objectcomputing.com
Autism Strikes 1 in 166
Find The Cause ~ Find The Cure
http://www.autismspeaks.org/