Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerabilities #2551

Closed
codelano opened this issue Nov 25, 2019 · 2 comments
Closed

Security vulnerabilities #2551

codelano opened this issue Nov 25, 2019 · 2 comments
Milestone
2.9.10.1

Comments

@codelano
Copy link

Security vulnerabilities are reported since 2.0 version up to curent 2.10.0 version.
https://nvd.nist.gov/vuln/detail/CVE-2019-16942
https://nvd.nist.gov/vuln/detail/CVE-2019-16943
https://nvd.nist.gov/vuln/detail/CVE-2019-17531
Do you have any plans to address these?
@cowtowncoder
Copy link
Member

@codelano I am not familiar with these CVEs. Have you looked issue tracker here, if they match for any fixes? Looking at jars mentioned I would guess some or maybe all are fixed.
The only unreleased (wrt 2.9 branch) fix would be #2526.

Given that they are about Default Typing, 2.10.0 and later are not affected.

@cowtowncoder
Copy link
Member

cowtowncoder commented Nov 25, 2019
edited
Loading

Ok. Next time please have a look at issue tracker yourself. Fixes that cover these are

Both included in 2.9.10.1 release; 2.10.0 and later not affected.

I do have better things to do than work as search engine for lazy users.

@cowtowncoder cowtowncoder added this to the 2.9.10.1 milestone Nov 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.9.10.1
Development

No branches or pull requests
2 participants
@cowtowncoder @codelano