Apache James

Wednesday September 30, 2015

Apache James Server 2.3.2 security vulnerability fixed

VU#988628: Apache James Server 2.3.2 security vulnerability fixed

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: James Server 2.3.2

Description: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command.

Mitigation: 2.3.2 users should upgrade to to be downloaded from http://james.apache.org/download.cgi#Apache_James_Server


Hi, I'm trying to update JAMES from 2.3.2 to the security patch which has been downloaded as suggested above. When I try to start JAMES up there is an error in the log file indicating the "<users-store>" failed to pass through the starting stage. The config.xml file being used is the same as was being used on 2.3.2. The error indicates there is a syntax error with the "destination >>URL". I can see this attribute in the XML config file but it looks exactly the same as the syntax shown on these web pages and the same as the syntax of the standard config.xml file generated when the james/app is unpacked. Has anyone had problems in this area ?

Posted by Chris Blackburn on October 26, 2015 at 04:49 PM UTC #

Which JDK are you using?

Posted by Michael Gao on November 04, 2015 at 06:25 PM UTC #

Hi Cris, I have the same issue, I filed an issue, see https://issues.apache.org/jira/browse/JAMES-1631 No answer yet :(

Posted by Vincent on November 05, 2015 at 10:36 AM UTC #

Also, would it be possible to get details on the security issue that was fixed? Thanks.

Posted by Vincent on November 05, 2015 at 10:37 AM UTC #

I,being having problem for a year,my phones getting hacked and gettin malware.after I,turn service off.I,see James apache,don't know much about this.can someone tell if it follows me.I,can get new number new phone and same problem. can someone comment.

Posted by Tony on August 22, 2016 at 06:46 AM UTC #

Post a Comment:
  • HTML Syntax: NOT allowed



Hot Blogs (today's hits)

Tag Cloud