On 06/08/2018 at 22:00, Bernhard Donaubauer wrote:
Jacques Le Roux <jacques.le.roux@les7arts.com>

And there are CVEs pending:

https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html

Other TLPs might be affected, I guess Archiva has been picked because it is the 1st in alphabetical order...

This is a pure in-house service so I guess the mentioned vulnerabilities are not so crucial. I mean if somebody has entered our network and is able to start a denial-of-service attack on this service, we have a much larger problem than one service not responding.
Actually we fixed some of these issues in OFBiz:
https://issues.apache.org/jira/browse/OFBIZ-10484
https://issues.apache.org/jira/browse/OFBIZ-10509

We prefer to be safe rather than sorry.
Jacques