Re: Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Jinmei Liao
+1 to backport

On 4/6/20, 9:14 AM, "Anthony Baker" wrote:

    +1 to backport

    > On Apr 6, 2020, at 8:54 AM, Owen Nichols wrote:
    >
    > Recently some Geode users have expressed concern that shiro-1.4.1.jar is getting flagged for critical security vulnerability CVE-2020-1957.

Re: Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Udo Kohlmeyer
+1 to backport

On 4/6/20, 9:14 AM, "Anthony Baker" wrote:

    +1 to backport

    > On Apr 6, 2020, at 8:54 AM, Owen Nichols wrote:
    >
    > Recently some Geode users have expressed concern that shiro-1.4.1.jar is getting flagged for critical security vulnerability CVE-2020-1957.

Re: Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Owen Nichols
There appears to be consensus that this is a critical fix. I’ve brought the change to support/1.12 and added 1.12.1 to the list of fixed versions in Jira.

git cherry-pick -x 6fffd5c07a2f67575ccec6d19df48c70a51ab1c3

-Owen

> On Apr 6, 2020, at 10:35 AM, Dan Smith wrote:
>
> +1
>
> -Dan
>
>

Re: Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Dan Smith
+1

-Dan

On Mon, Apr 6, 2020 at 10:30 AM Bruce Schuchardt wrote:

> +1 to backport to support/1.12
>
> On 4/6/20, 8:55 AM, "Owen Nichols" wrote:
>
>     Recently some Geode users have expressed concern that shiro-1.4.1.jar
>     is getting flagged for critical security vulnerability CVE-2020-1957.

Re: Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Bruce Schuchardt
+1 to backport to support/1.12

On 4/6/20, 8:55 AM, "Owen Nichols" wrote:

    Recently some Geode users have expressed concern that shiro-1.4.1.jar is getting flagged for critical security vulnerability CVE-2020-1957.

    Analysis shows that Geode does not use Shiro in a manner that would

Re: Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Anthony Baker
+1 to backport

> On Apr 6, 2020, at 8:54 AM, Owen Nichols wrote:
>
> Recently some Geode users have expressed concern that shiro-1.4.1.jar is
> getting flagged for critical security vulnerability CVE-2020-1957.
>
> Analysis shows that Geode does not use Shiro in a manner that would expose
> t

Proposal to bring GEODE-7941 to support/1.12

2020-04-06 Thread Owen Nichols
Recently some Geode users have expressed concern that shiro-1.4.1.jar is getting flagged for critical security vulnerability CVE-2020-1957. Analysis shows that Geode does not use Shiro in a manner that would expose this vulnerability, so maybe there is no need to backport GEODE-7941. The risk o