Posted to dev@directory.apache.org by GitBox <gi...@apache.org> on 2021/11/03 13:37:05 UTC
[GitHub] [directory-ldap-api] renatoathaydes opened a new pull request #18: Update mina.core version to avoid CVE-2021-41973
renatoathaydes opened a new pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18
This was a nasty CVE and it's been fixed in mina-core 2.1.5: https://www.openwall.com/lists/oss-security/2021/11/01/2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
[GitHub] [directory-ldap-api] elecharny closed pull request #18: Update mina.core version to avoid CVE-2021-41973
Posted by GitBox <gi...@apache.org>.
elecharny closed pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18
[GitHub] [directory-ldap-api] renatoathaydes commented on pull request #18: Update mina.core version to avoid CVE-2021-41973
Posted by GitBox <gi...@apache.org>.
renatoathaydes commented on pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18#issuecomment-959130058
Thank you for the quick update!
[GitHub] [directory-ldap-api] elecharny commented on pull request #18: Update mina.core version to avoid CVE-2021-41973
Posted by GitBox <gi...@apache.org>.
elecharny commented on pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18#issuecomment-959128292
Hi Renato,
we will update, but this CVE has no impact on the LDAP API, as we don't expose HTTP. In other words, the LDAP API is not impacted whatsoever.
[GitHub] [directory-ldap-api] elecharny commented on pull request #18: Update mina.core version to avoid CVE-2021-41973
Posted by GitBox <gi...@apache.org>.
elecharny commented on pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18#issuecomment-959140565
Also we are currently working on a new MINA version that will support TLS 1.3, which is currently not supported. The idea is to wait for MINA 2.2 before any major release of the LDAP API.
[GitHub] [directory-ldap-api] elecharny commented on pull request #18: Update mina.core version to avoid CVE-2021-41973
Posted by GitBox <gi...@apache.org>.
elecharny commented on pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18#issuecomment-1004188855
Just pushed the new version in the pom.
[GitHub] [directory-ldap-api] travisspencer commented on pull request #18: Update mina.core version to avoid CVE-2021-41973
Posted by GitBox <gi...@apache.org>.
travisspencer commented on pull request #18:
URL: https://github.com/apache/directory-ldap-api/pull/18#issuecomment-1004013267
This is tripping scanners. I know it's a false positive for the reasons you mentioned @elecharny, and that we can ignore it; however, it would be preferable to just upgrade the dependency. Is that possible? Can this PR be merged?