Thanks for asking, Mario. Note that if you want to discuss a security topic prior to public disclosure you can use priv...@geode.apache.org.
Anthony

> On Apr 7, 2020, at 12:04 PM, Mario Kevo <mario.k...@est.tech> wrote:
>
> Hi,
>
> I was trying to understand whether Geode is impacted by a security
> vulnerability reported on JGroups
> (CVE-2016-2141 <https://www.cvedetails.com/cve/CVE-2016-2141/>). The
> vulnerability is related to member authentication and communication
> encryption. What I could learn from this
> RFC <https://cwiki.apache.org/confluence/display/GEODE/Replace+UDP+messaging+for+membership+with+TCP>
> is that Geode doesn't utilize the JGroups membership system, but only the
> UDP messaging, on top of which a custom encryption system is implemented.
>
> From this I would say that the reported vulnerability doesn't really apply to
> Geode. Nevertheless, I wanted to double-check this.
>
> BR,
>
> Mario