Merge pull request #23674 from c0bw3b/sec/jboss7

JBoss AS: list known vulnerability
This commit is contained in:
Graham Christensen 2017-03-15 17:33:27 -04:00 committed by GitHub
commit e4c0613470
2 changed files with 4 additions and 1 deletions

View File

@ -25,7 +25,7 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
description = "Whether to enable jboss"; description = "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.";
}; };
tempDir = mkOption { tempDir = mkOption {

View File

@ -22,5 +22,8 @@ stdenv.mkDerivation {
license = licenses.lgpl21; license = licenses.lgpl21;
maintainers = [ maintainers.sander ]; maintainers = [ maintainers.sander ];
platforms = platforms.unix; platforms = platforms.unix;
knownVulnerabilities = [
"CVE-2015-7501: remote code execution in apache-commons-collections: InvokerTransformer during deserialisation"
];
}; };
} }