cloudfoundry / ibm-websphere-liberty-buildpack

IBM WebSphere Application Server Liberty Buildpack
Apache License 2.0
72 stars 190 forks source link

[Query] Security Bulletin: swg22011863 (CVE-2017-1681, CVE-2013-6440) #374

Closed ptamma closed 6 years ago

ptamma commented 6 years ago

Hi,

Please help with query if the fix is covered as party of buildpack release v2.9.0 or the Liberty version need updating ? https://github.com/cloudfoundry/ibm-websphere-liberty-buildpack/tree/v2.9.0.0

" http://www-01.ibm.com/support/docview.wss?uid=swg22010419 Remediation/Fixes The recommended solution is to apply the interim fix, Fix Pack or PTF containing APARs PI88642 for each named product as soon as practical.

For WebSphere Application Server Liberty with fixpack levels prior to 17.0.0.3: · Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PI88642 --OR-- · Apply Liberty Fix Pack 17.0.0.3 or later."

kevin-ortega commented 6 years ago

The community buildpack does not provide the Liberty runtime. The buildpack obtains the latest (currently 17.0.0.4) available fixpack from a repository.