You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by "xutaoustc (via GitHub)" <gi...@apache.org> on 2023/04/01 02:08:05 UTC
[GitHub] [doris] xutaoustc opened a new issue, #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)
xutaoustc opened a new issue, #18304:
URL: https://github.com/apache/doris/issues/18304
### Search before asking
- [X] I had searched in the [issues](https://github.com/apache/doris/issues?q=is%3Aissue) and found no similar issues.
### Description
Spring Framework 身份认证绕过漏洞(CVE-2023-20860) in master branch
### Solution
Upgrade Spring Framework to 5.3.26、6.0.7 or higher level
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org
[GitHub] [doris] zy-kkk closed issue #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)
Posted by "zy-kkk (via GitHub)" <gi...@apache.org>.
zy-kkk closed issue #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)
URL: https://github.com/apache/doris/issues/18304
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org
[GitHub] [doris] CalvinKirs commented on issue #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)
Posted by "CalvinKirs (via GitHub)" <gi...@apache.org>.
CalvinKirs commented on issue #18304:
URL: https://github.com/apache/doris/issues/18304#issuecomment-1494051778
I checked the code of Doris, and using Doris does not trigger such a situation. Of course, we should upgrade to the appropriate version as soon as possible.
BTW, any questions about security vulnerabilities should not be discussed in public,
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org