--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c673517dce
2024-03-29 04:07:24.623943
--------------------------------------------------------------------------------
Name : apache-commons-configuration
Product : Fedora 40
Version : 2.10.1
Release : 1.fc40
URL :
https://commons.apache.org/proper/commons-configuration/
Summary : Read configuration data from a variety of sources
Description :
The Commons Configuration software library provides a generic
configuration interface which enables a Java application to read
configuration data from a variety of sources. Commons Configuration
provides typed access to single, and multi-valued configuration
parameters as demonstrated by the following code:
Double double = config.getDouble("number");
Integer integer = config.getInteger("number");
Configuration parameters may be loaded from the following sources:
- Properties files
- XML documents
- Windows INI files
- Property list files (plist)
- JNDI
- JDBC Datasource
- System properties
- Applet parameters
- Servlet parameters
Configuration objects are created using configuration builders.
Different configuration sources can be mixed using a
CombinedConfigurationBuilder and a CombinedConfiguration. Additional
sources of configuration parameters can be created by using custom
configuration objects. This customization can be achieved by extending
AbstractConfiguration or AbstractHierarchicalConfiguration.
%javadoc_package
--------------------------------------------------------------------------------
Update Information:
This update contains security fixes for CVE-2024-29131 and CVE-2024-29133.
See
https://github.com/apache/commons-configuration/blob/master/RELEASE-
NOTES.txt for changes in versions 2.10.0 and 2.10.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 21 2024 Jerry James <loganjerry(a)gmail.com> - 2.10.1-1
- Version 2.10.1 (CVE-2024-29131, CVE-2024-29133)
* Wed Mar 13 2024 Jerry James <loganjerry(a)gmail.com> - 2.10.0-1
- Version 2.10.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2270673 - CVE-2024-29133 commons-configuration: StackOverflowError calling
ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
https://bugzilla.redhat.com/show_bug.cgi?id=2270673
[ 2 ] Bug #2270674 - CVE-2024-29131 commons-configuration: StackOverflowError adding
property in AbstractListDelimiterHandler.flattenIterator()
https://bugzilla.redhat.com/show_bug.cgi?id=2270674
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c673517dce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------