You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/12/14 08:53:18 UTC

[GitHub] [servicecomb-java-chassis] v35715009 opened a new issue #2131: 2.1.3版本使用的SpringFramework版本是带有高位漏洞的5.1.14版本，是否考虑升级到不存在漏洞的版本？

v35715009 opened a new issue #2131:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2131


   VMware Tanzu发布安全公告，在Spring Framework版本5.2.0-5.2.8、5.1.0-5.1.17、5.0.0-5.0.18、4.3.0-4.3.28和较旧的不受支持的版本中，公布了一个存在于Spring Framework中的反射型文件下载（Reflected File Download,RFD）漏洞CVE-2020-5421。参考：
   
   https://tanzu.vmware.com/security/cve-2020-5421


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] liubao68 closed issue #2131: 2.1.3版本使用的SpringFramework版本是带有高危漏洞的5.1.14版本，是否考虑升级到不存在漏洞的版本？

Posted by GitBox <gi...@apache.org>.

liubao68 closed issue #2131:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2131


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #2131: 2.1.3版本使用的SpringFramework版本是带有高危漏洞的5.1.14版本，是否考虑升级到不存在漏洞的版本？

Posted by GitBox <gi...@apache.org>.

liubao68 commented on issue #2131:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2131#issuecomment-745226238


   已经修复： https://github.com/apache/servicecomb-java-chassis/pull/2136 。
   计划在2.1.5发布。 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #2131: 2.1.3版本使用的SpringFramework版本是带有高危漏洞的5.1.14版本，是否考虑升级到不存在漏洞的版本？

Posted by GitBox <gi...@apache.org>.

liubao68 commented on issue #2131:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2131#issuecomment-785533006


   fixed in 2.1.5


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org