Language Selection

English French German Italian Portuguese Spanish

Security of open-source software again being scrutinized

Filed under
OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.

rest here




More in Tux Machines

Red Hat and Fedora

Android Leftovers

CUPS 2.2.3 Adds Support for PPD Finishing Keywords, IPP Everywhere Improvements

CUPS 2.2.3 is the third point release to the stable 2.2 series of the project, bringing a bunch of IPP Everywhere improvements, such as support for all print qualities and media types that a printer supports, in the print queues. Additionally, it makes IPP Everywhere finishings support work correctly with common command-line and UI (User Interface) options, and updates the PPD generator to return helpful error messages. Support for PostScript Printer Description (PPD) finishing keywords was also introduced in this release. Read more

Pale Moon A Lightweight, Firefox Based And Cross Platform Web Browser

​Using browsers on a daily basis is nothing new for all us. We all have our favorite type of browsers like Chrome, Opera, Aurora and more. While as being open source mine and many Linux geek favorite browser is Mozilla Firefox. Today I will discuss one of awesome browser based on firefox named Pale Moon. Read
more