Dear XL Deploy community,
During a recent security audit by XebiaLabs, a number of vulnerabilities were discovered in libraries that XL Deploy uses. As a precaution, and to prevent any future vulnerability, we have upgraded or replaced those libraries.
Please upgrade your installation to one of the following versions:
* XL Deploy 4.5.1
* XL Deploy 4.0.2
* Deployit 3.9.5
The following potential vulnerabilities have been addressed:
* CVE-2009-2625 Xerces: DoS vulnerability via malformed XML input
* CVE-2009-4269 Apache Derby: Weak password hash generation algorithm
* CVE-2013-0248 Apache Commons FileUpload: Symlink attack vulnerability
* CVE-2013-7315 Spring Framework: XML External Entity (XXE) injection flaw
* CVE-2013-7285 XStream: Remote code execution due to insecure XML deserialization
* CVE-2014-0050 Apache Commons FileUpload: DoS vulnerability via crafted Content-Type header
* CVE-2014-0079 Spring Framework: Empty passwords may bypass authentication
* JCR-3630 Jackrabbit: XSS in DirListingExportHandler