There appears to be consensus to bring this critical fix to support/1.12. I
have done git cherry-pick -x ead319cc04e284838275669c2d502e1a8c5ad822 and
updated GEODE-7970 to add 1.12.1 to the list of fixed versions.
Thanks
-Owen
> On Apr 10, 2020, at 1:24 PM, Dan Smith wrote:
>
> +1
>
> -Dan
+1
-Dan
On Fri, Apr 10, 2020 at 12:37 PM Anilkumar Gingade wrote:
> +1
> Based on: The risk is low. Avoids false positives in automated
> vulnerability scans.
>
> On Fri, Apr 10, 2020 at 12:33 PM Dick Cavender wrote:
>
> > +1
> >
> > On Fri, Apr 10, 2020 at 11:16 AM Owen Nichols wrote:
>
+1
Based on: The risk is low. Avoids false positives in automated
vulnerability scans.
On Fri, Apr 10, 2020 at 12:33 PM Dick Cavender wrote:
> +1
>
> On Fri, Apr 10, 2020 at 11:16 AM Owen Nichols wrote:
>
> > Recently it’s been noticed that spring-core-5.2.1.RELEASE.jar is getting
> > flagged f
+1
On Fri, Apr 10, 2020 at 11:16 AM Owen Nichols wrote:
> Recently it’s been noticed that spring-core-5.2.1.RELEASE.jar is getting
> flagged for “high” security vulnerability CVE-2020-5398.
>
> Analysis shows that Geode does not use Spring in a manner that would
> expose this vulnerability (none
Recently it’s been noticed that spring-core-5.2.1.RELEASE.jar is getting
flagged for “high” security vulnerability CVE-2020-5398.
Analysis shows that Geode does not use Spring in a manner that would expose
this vulnerability (none of our REST APIs or pulse set a Content-Disposition
header deriv