Hi,
Can you please verify if Crowd 2.11.1 version is affected by the Apache Struts2 REST XStream Vulnerability (CVE-2017-9805) ?
The REST plugin seems to be integrated into Crowd since 2.0.
Is Crowd using the REST plugin with XML?
If so will there be a patch for it?
Thanks,
Looks like nope: https://twitter.com/JIRA/status/905486179901906944
Thanks for the reply. It is great that Atlassian is so fast to respond to these issues. Helps us a lot.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.