JBoss AS: list known vulnerability

CVE-2015-7501

Warning in JBoss module
This commit is contained in:
Renaud 2017-03-09 21:02:16 +01:00 committed by c0bw3b
parent 665a89c4a4
commit 72619a86c9
2 changed files with 4 additions and 1 deletions

View file

@ -25,7 +25,7 @@ in
enable = mkOption {
default = false;
description = "Whether to enable jboss";
description = "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.";
};
tempDir = mkOption {

View file

@ -22,5 +22,8 @@ stdenv.mkDerivation {
license = licenses.lgpl21;
maintainers = [ maintainers.sander ];
platforms = platforms.unix;
knownVulnerabilities = [
"CVE-2015-7501: remote code execution in apache-commons-collections: InvokerTransformer during deserialisation"
];
};
}