Security update for jakarta-taglibs-standard (important)

ID SUSE-SU-2017:1568-1
Type suse
Reporter Suse
Modified 2017-06-15T00:09:02


This update for jakarta-taglibs-standard fixes the following issues:

  • CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813)