groovy-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacques Le Roux <jacques.le.r...@les7arts.com>
Subject Re: XML RPC Service
Date Sat, 21 Jul 2018 14:56:36 GMT
Wait I was too fast, I did not notice it was only about org.codehaus.groovy:groovy-xmlrpc (and
not Java Apache XML-RPC)
Hopefully it's not affected by the same security issues, I don't know and would be interested
about that...

Thanks

Jacques|
|
Le 21/07/2018 à 16:50, Jacques Le Roux a écrit :
>
> Hi Bernhard,
>
> Actually XML-RPC is no longer maintained, last fix in3.1.3 is for
>
> http://www.openwall.com/lists/oss-security/2011/10/05/10
>
> And there are CVEs pending :
>
> https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html
>
> Other TLPs might be affected, I guess Archiva has been picked because being the 1st in
alphabetical order...
>
> HTH
>
> Jacques
>
>
> Le 19/07/2018 à 17:25, Bernhard Donaubauer a écrit :
>> Hello,
>>
>> I think about replacing an old xml-rpc service written in perl with groovy.
>>
>> There are examples using groovy-xmlrpc like here:
>> https://gist.github.com/bjfish/370521
>>
>> But I wonder if this module is still maintained. While I can find the
>> jar files in the repositories I can't find the according project or sources.
>>
>> Regards,
>> Bernhard Donaubauer
>>
>


Mime
View raw message