Question about Web Services CVE on Older versions of OpenMRS


(Craig Appl) #1

Hi,

I received the CVE on the Web Services module: Critical Security Advisory CVE-2018-19276: 2019-02-04 We have a few older versions of OpenMRS that are on 1.12.x and they may not be able to upgrade to the latest version of the web services module. Can you point us to the specific commits that fix this vulnerability?

Thanks, Craig

FYI @burke, @isears


(Daniel Kayiwa) #2

This module supports all the way up to platform 1.9.x https://addons.openmrs.org/show/org.openmrs.module.webservices-rest


(Isaac Sears) #3

Hi Craig!

The fix was done in two PRs:

It wasn’t an especially complex fix. If you (or anyone else for that matter) have any issues with this on 1.12.x feel free to ping me about it!