You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@doris.apache.org by "xutaoustc (via GitHub)" <gi...@apache.org> on 2023/04/01 02:08:05 UTC

[GitHub] [doris] xutaoustc opened a new issue, #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)

xutaoustc opened a new issue, #18304:
URL: https://github.com/apache/doris/issues/18304

   ### Search before asking
   
   - [X] I had searched in the [issues](https://github.com/apache/doris/issues?q=is%3Aissue) and found no similar issues.
   
   
   ### Description
   
   Spring Framework 身份认证绕过漏洞(CVE-2023-20860) in master branch
   
   ### Solution
   
   Upgrade Spring Framework to 5.3.26、6.0.7 or higher level
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] zy-kkk closed issue #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)

Posted by "zy-kkk (via GitHub)" <gi...@apache.org>.

zy-kkk closed issue #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860) 
URL: https://github.com/apache/doris/issues/18304


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] CalvinKirs commented on issue #18304: [Enhancement] Spring Framework 身份认证绕过漏洞(CVE-2023-20860)

Posted by "CalvinKirs (via GitHub)" <gi...@apache.org>.

CalvinKirs commented on issue #18304:
URL: https://github.com/apache/doris/issues/18304#issuecomment-1494051778

   I checked the code of Doris, and using Doris does not trigger such a situation. Of course, we should upgrade to the appropriate version as soon as possible.
   BTW, any questions about security vulnerabilities should not be discussed in public,


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org