Dear all,
I have released
authn.oidc 2.0.1 and
icat.oaipmh 2.0.1
These new versions bump logback-classic to 1.3.12 which fixes a a
serialization vulnerability, allowing an attacker to mount a
Denial-Of-Service attack by sending poisoned data.
If you use either component on Payara 6, it is highly recommended to
upgrade.
Best regards,
Rolf
--
Rolf Krahl <
rolf....@helmholtz-berlin.de>
Helmholtz-Zentrum Berlin für Materialien und Energie (HZB)
Albert-Einstein-Str. 15, 12489 Berlin
Tel.:
+49 30 8062 12122