
Security of open-source software again being scrutinized

Filed under: OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although security researchers criticized the Java-based Spring Framework in January for a major flaw that allowed attackers to achieve remote code execution against applications built with it, the updates to Spring released this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the potential remote-code-execution issue is remediated. The Spring updates released this week expand Spring's functionality but do not address this problem. Spring Framework is managed under SpringSource, a division of VMware.

rest here