Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/02/16 03:40:20 UTC
[GitHub] [apisix] TARI0510 opened a new issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
TARI0510 opened a new issue #6335:
URL: https://github.com/apache/apisix/issues/6335
### Issue description
In version 2.11.0, `batch-requests` is enabled by default
https://github.com/apache/apisix/blob/2.11.0/conf/config-default.yaml#L310
and 2.11.0 doesn't have the patch code in
https://github.com/apache/apisix/blob/2.11.0/apisix/plugins/batch-requests.lua#L168
Here is CVE-2022-24112's patch code
https://github.com/apache/apisix/pull/6251/files#diff-b80ee9fead226c0432f9e78cf5cae941641f9f685c49002f6a51310dd7134892R169
but the announcement only refers to the 2.10.x and 2.12.x versions
### Environment
default environment
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
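Added example, not part of the original issue or of the APISIX project's code: a check for whether `batch-requests`, the plugin named in the issue above, is in a deployment's effective plugin list. It assumes that a top-level `plugins:` list in `conf/config.yaml` replaces the default list from `config-default.yaml` wholesale; the YAML samples are constructed and the function names are hypothetical.

```python
import re

PLUGIN = "batch-requests"

def plugin_list(yaml_text):
    """Return the entries of the top-level block-style `plugins:` list, or None if absent."""
    items, in_block = None, False
    for raw in yaml_text.splitlines():
        # Drop full-line and trailing comments, so "# - batch-requests" is not counted.
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        if re.match(r"^plugins:\s*$", line):      # anchored: ignores `stream_plugins:`
            items, in_block = [], True
        elif in_block:
            m = re.match(r"^\s*-\s+(\S+)$", line)
            if m:
                items.append(m.group(1).strip("'\""))
            else:
                in_block = False                  # the next key ends the list
    return items

def batch_requests_enabled(config_yaml, default_yaml):
    """Return (enabled, file that decided it).

    Assumption: a `plugins:` list in config.yaml replaces the default list entirely.
    A flow-style list (`plugins: [...]`) is not parsed and falls back to the defaults.
    """
    override = plugin_list(config_yaml)
    if override is not None:
        return PLUGIN in override, "config.yaml"
    return PLUGIN in (plugin_list(default_yaml) or []), "config-default.yaml"

# Constructed samples, shaped like the real files but heavily abbreviated.
DEFAULT_SAMPLE = """\
apisix:
  node_listen: 9080
plugins:
  - real-ip
  - batch-requests        # constructed trailing comment
  - limit-count
stream_plugins:
  - mqtt-proxy
"""
NO_OVERRIDE = "apisix:\n  node_listen: 9080\n"
TRIMMED = "plugins:\n  - real-ip\n  # - batch-requests\n  - limit-count\n"

if __name__ == "__main__":
    for name, cfg in (("no override", NO_OVERRIDE), ("trimmed list", TRIMMED)):
        print(name, batch_requests_enabled(cfg, DEFAULT_SAMPLE))
```
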
[GitHub] [apisix] leslie-tsang commented on issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
leslie-tsang commented on issue #6335:
URL: https://github.com/apache/apisix/issues/6335#issuecomment-1041288605
> Is apisix 2.11.0 version affected by CVE-2022-24112
Yes, `apisix 2.11.0` was affected.
[GitHub] [apisix] TARI0510 commented on issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
TARI0510 commented on issue #6335:
URL: https://github.com/apache/apisix/issues/6335#issuecomment-1041297676
Is there any plan to release a patch for 2.11.0? I see 2.10.x and 2.12.x have a patch version.
[GitHub] [apisix] TARI0510 commented on issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
TARI0510 commented on issue #6335:
URL: https://github.com/apache/apisix/issues/6335#issuecomment-1041386979
OK!
[GitHub] [apisix] TARI0510 commented on issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
TARI0510 commented on issue #6335:
URL: https://github.com/apache/apisix/issues/6335#issuecomment-1041308257
OK, thanks for the reply!
[GitHub] [apisix] tzssangglass commented on issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #6335:
URL: https://github.com/apache/apisix/issues/6335#issuecomment-1041302551
`2.11.0` is not an LTS version; the patch won't be backported to this version.
[GitHub] [apisix] leslie-tsang commented on issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
leslie-tsang commented on issue #6335:
URL: https://github.com/apache/apisix/issues/6335#issuecomment-1041311263
It's recommended to upgrade APISIX to the latest version `2.12.1`.
[GitHub] [apisix] TARI0510 closed issue #6335: Is apisix 2.11.0 version affected by CVE-2022-24112?
Posted by GitBox <gi...@apache.org>.
TARI0510 closed issue #6335:
URL: https://github.com/apache/apisix/issues/6335