JBoss AS: list known vulnerability
CVE-2015-7501 Warning in JBoss module
This commit is contained in:
parent
665a89c4a4
commit
72619a86c9
2 changed files with 4 additions and 1 deletions
|
@ -25,7 +25,7 @@ in
|
|||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "Whether to enable jboss";
|
||||
description = "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.";
|
||||
};
|
||||
|
||||
tempDir = mkOption {
|
||||
|
|
|
@ -22,5 +22,8 @@ stdenv.mkDerivation {
|
|||
license = licenses.lgpl21;
|
||||
maintainers = [ maintainers.sander ];
|
||||
platforms = platforms.unix;
|
||||
knownVulnerabilities = [
|
||||
"CVE-2015-7501: remote code execution in apache-commons-collections: InvokerTransformer during deserialisation"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue