Play Framework XML External Entity
197 views
Skip to first unread message
James Roper
Sep 19, 2013, 1:26:29 PM9/19/13
to play-framew...@googlegroups.com
A security vulnerability has been found in all stable versions of Play Framework 2.x released before 20 September 2013.
This vulnerability is the same vulnerability that was announced last week, however it has come to our attention that our fix didn't completely fix it.
The vulnerability has been fixed for all major stable versions of Play, and fixes can be downloaded here:
http://downloads.typesafe.com/play/2.1.5/play-2.1.5.zip
http://downloads.typesafe.com/play/2.0.8/play-2.0.8.zip
The Play team strongly recommends that all Play users upgrade to one of the above releases of Play. The changelogs for these versions can be found here:
http://www.playframework.com/changelog
For more details on this vulnerability, please see the vulnerability advisory on the Play website:
http://www.playframework.com/security/vulnerability/20130920XmlExternalEntity
--
The vulnerability has been fixed for all major stable versions of Play, and fixes can be downloaded here:
http://downloads.typesafe.com/play/2.1.5/play-2.1.5.zip
http://downloads.typesafe.com/play/2.0.8/play-2.0.8.zip
The Play team strongly recommends that all Play users upgrade to one of the above releases of Play. The changelogs for these versions can be found here:
http://www.playframework.com/changelog
For more details on this vulnerability, please see the vulnerability advisory on the Play website:
http://www.playframework.com/security/vulnerability/20130920XmlExternalEntity
Regards,
Reply all
Reply to author
Forward
0 new messages