https://bugzilla.redhat.com/show_bug.cgi?id=1923838
Jonathan Christison <jochrist(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Comment|3 |updated
--- Comment #3 has been edited ---
Marking Red Hat Fuse 7 as having a low impact, Fuse 7 distributes some shiro
artifacts (shiro-core) as part of camel-shiro however these artifacts are not
impacted by the vulnerability.
Marking Red Hat JBoss Fuse 6 as having a moderate impact, Fuse 6 does
distribute some shiro artifacts as part of camel-shiro, however these are not
affected by the vulnerability, only components using shiro in the context of
the spring web application portion of the shiro framework are affected and only
the artifact org.apache.shiro:spring-boot-web-starter is altered in the fix
version of shiro (1.7.1)
This vulnerability is out of security support scope for the following
products:
* Red Hat JBoss Fuse 6
* Red Hat JBoss A-MQ 6
Please refer to
https://access.redhat.com/support/policy/updates/jboss_notes
for more details.
--
You are receiving this mail because:
You are on the CC list for the bug.