ShardingSphere-UI no longer supported: version 4.1.1 and later versions Deserialization of Untrusted Data vulnerability

[yy2so]

Please note that the ShardingSphere-UI is no longer supported by the community.

The deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allowing an attacker to inject outer link resources has been detected by the community and PMC, and discussed in the mailing list:
https://seclists.org/oss-sec/2021/q4/105

Mitigation:

This issue is related to ShardingSphere-UI project. If you do not deploy UI project, an upgrade is not required.
Conversely you should consider an upgrade if you have deployed the previous UI project.

[tristaZero]

Hello guys,

Sorry, we want to support ShardingSphere UI project, but can not spare much effort on it. Plus, it looks like this UI project trouble users a lot due to such vulnerability issues. Hence, we decided to stop running UI project.
In terms of this vulnerability issue,

• If you do not use UI project, there is no need to upgrade the MAIN ShardingSphere project.
• Otherwise, please do not expose the server deployed UI project.
• Or consider upgrading (Maybe it doesn't work since it is no longer supported from 5.0.0-alpha).

We still welcome anyone who would like to restart ShardingSphere UI. Please ping us here if you have a plan. ;-)

Best wishes,
Trista