You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@shardingsphere.apache.org by "jiangML (via GitHub)" <gi...@apache.org> on 2023/06/19 02:25:19 UTC

[GitHub] [shardingsphere] jiangML opened a new pull request, #26424: Fix sonar issue of PluginConfigurationLoader

jiangML opened a new pull request, #26424:
URL: https://github.com/apache/shardingsphere/pull/26424

   Fix sonar issue:
   + https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS1075&id=apache_shardingsphere&open=AYePEBoUmlEb3_Pqvlhq


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere] wangdudu321123 commented on pull request #26424: Fix sonar issue of PluginConfigurationLoader

Posted by "wangdudu321123 (via GitHub)" <gi...@apache.org>.

wangdudu321123 commented on PR #26424:
URL: https://github.com/apache/shardingsphere/pull/26424#issuecomment-1643755931

   [【高危漏洞】CVE-2023-28754 Apache ShardingSphere 反序列化漏洞 ](https://mp.weixin.qq.com/s?__biz=Mzg4MDg5NzAxMQ==&mid=2247484559&idx=1&sn=ddd4cbe7bc7c714197a1aceda90e30d7) 实际上需要攻击者获取服务器权限，或者配合其他漏洞才可以造成反序列化攻击，比较鸡肋。In fact, attackers need to obtain server privileges or cooperate with other vulnerabilities to cause deserialization attacks, which is quite challenging.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere] tristaZero merged pull request #26424: Fix sonar issue of PluginConfigurationLoader

Posted by "tristaZero (via GitHub)" <gi...@apache.org>.

tristaZero merged PR #26424:
URL: https://github.com/apache/shardingsphere/pull/26424


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org